@babylonlabs-io/ts-sdk 0.33.2 → 0.33.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (58) hide show
  1. package/dist/{PeginManager-BtXhdqkm.js → PeginManager-C-L3huRO.js} +330 -334
  2. package/dist/PeginManager-C-L3huRO.js.map +1 -0
  3. package/dist/{PeginManager-ztgWQqza.cjs → PeginManager-DmPmzPHz.cjs} +2 -2
  4. package/dist/PeginManager-DmPmzPHz.cjs.map +1 -0
  5. package/dist/{bitcoin-0_T6KJON.js → bitcoin-B0S8SHCX.js} +24 -20
  6. package/dist/bitcoin-B0S8SHCX.js.map +1 -0
  7. package/dist/bitcoin-B3aqjuMP.cjs +2 -0
  8. package/dist/bitcoin-B3aqjuMP.cjs.map +1 -0
  9. package/dist/{buildAndBroadcastRefund-Ci_pVTNu.js → buildAndBroadcastRefund-Dx09Zbla.js} +3 -3
  10. package/dist/buildAndBroadcastRefund-Dx09Zbla.js.map +1 -0
  11. package/dist/{buildAndBroadcastRefund-DKr9hbDn.cjs → buildAndBroadcastRefund-PmJMNrhO.cjs} +2 -2
  12. package/dist/buildAndBroadcastRefund-PmJMNrhO.cjs.map +1 -0
  13. package/dist/{challengeAssert-KGVKQh0J.js → challengeAssert-D3tHnLWb.js} +2 -2
  14. package/dist/{challengeAssert-KGVKQh0J.js.map → challengeAssert-D3tHnLWb.js.map} +1 -1
  15. package/dist/{challengeAssert-06GLZtV8.cjs → challengeAssert-Dp9d1bg1.cjs} +2 -2
  16. package/dist/{challengeAssert-06GLZtV8.cjs.map → challengeAssert-Dp9d1bg1.cjs.map} +1 -1
  17. package/dist/index.cjs +1 -1
  18. package/dist/index.js +7 -7
  19. package/dist/{noPayout-BmMd4NNH.js → noPayout-BnsetBKW.js} +2 -2
  20. package/dist/{noPayout-BmMd4NNH.js.map → noPayout-BnsetBKW.js.map} +1 -1
  21. package/dist/{noPayout-Bp2TYA_X.cjs → noPayout-DWaCtpMU.cjs} +2 -2
  22. package/dist/{noPayout-Bp2TYA_X.cjs.map → noPayout-DWaCtpMU.cjs.map} +1 -1
  23. package/dist/{psbtInputFields-BLi7Ta-T.cjs → psbtInputFields-6sRcZqdb.cjs} +2 -2
  24. package/dist/{psbtInputFields-BLi7Ta-T.cjs.map → psbtInputFields-6sRcZqdb.cjs.map} +1 -1
  25. package/dist/{psbtInputFields-DPCFHgGd.js → psbtInputFields-C5QPn1YK.js} +2 -2
  26. package/dist/{psbtInputFields-DPCFHgGd.js.map → psbtInputFields-C5QPn1YK.js.map} +1 -1
  27. package/dist/tbv/core/clients/index.cjs +1 -1
  28. package/dist/tbv/core/clients/index.js +1 -1
  29. package/dist/tbv/core/index.cjs +1 -1
  30. package/dist/tbv/core/index.js +7 -7
  31. package/dist/tbv/core/managers/PayoutManager.d.ts +8 -4
  32. package/dist/tbv/core/managers/PayoutManager.d.ts.map +1 -1
  33. package/dist/tbv/core/managers/PeginManager.d.ts +15 -1
  34. package/dist/tbv/core/managers/PeginManager.d.ts.map +1 -1
  35. package/dist/tbv/core/primitives/index.cjs +1 -1
  36. package/dist/tbv/core/primitives/index.js +3 -3
  37. package/dist/tbv/core/primitives/utils/bitcoin.d.ts +6 -4
  38. package/dist/tbv/core/primitives/utils/bitcoin.d.ts.map +1 -1
  39. package/dist/tbv/core/services/index.cjs +1 -1
  40. package/dist/tbv/core/services/index.js +1 -1
  41. package/dist/tbv/core/utils/index.cjs +1 -1
  42. package/dist/tbv/core/utils/index.js +2 -2
  43. package/dist/tbv/index.cjs +1 -1
  44. package/dist/tbv/index.js +7 -7
  45. package/dist/testing/index.cjs +1 -1
  46. package/dist/testing/index.js +1 -1
  47. package/dist/{vault-registry-reader-CmDdymw4.cjs → vault-registry-reader-CKe9TbX6.cjs} +2 -2
  48. package/dist/{vault-registry-reader-CmDdymw4.cjs.map → vault-registry-reader-CKe9TbX6.cjs.map} +1 -1
  49. package/dist/{vault-registry-reader-eiBfG4uQ.js → vault-registry-reader-CWGbw_wZ.js} +2 -2
  50. package/dist/{vault-registry-reader-eiBfG4uQ.js.map → vault-registry-reader-CWGbw_wZ.js.map} +1 -1
  51. package/package.json +1 -1
  52. package/dist/PeginManager-BtXhdqkm.js.map +0 -1
  53. package/dist/PeginManager-ztgWQqza.cjs.map +0 -1
  54. package/dist/bitcoin-0_T6KJON.js.map +0 -1
  55. package/dist/bitcoin-EYBKDtEW.cjs +0 -2
  56. package/dist/bitcoin-EYBKDtEW.cjs.map +0 -1
  57. package/dist/buildAndBroadcastRefund-Ci_pVTNu.js.map +0 -1
  58. package/dist/buildAndBroadcastRefund-DKr9hbDn.cjs.map +0 -1
package/dist/{vault-registry-reader-eiBfG4uQ.js.map → vault-registry-reader-CWGbw_wZ.js.map} RENAMED
@@ -1 +1 @@
1
- {"version":3,"file":"vault-registry-reader-eiBfG4uQ.js","sources":["../src/tbv/core/clients/mempool/mempoolApi.ts","../src/tbv/core/contracts/abis/ApplicationRegistry.abi.ts","../src/tbv/core/contracts/abis/ProtocolParams.abi.ts","../src/tbv/core/clients/vault-provider/validators.ts","../src/tbv/core/clients/vault-provider/api.ts","../src/tbv/core/clients/vault-provider/auth/bip322Verify.ts","../src/tbv/core/clients/vault-provider/auth/cbor.ts","../src/tbv/core/clients/vault-provider/auth/serverIdentity.ts","../src/tbv/core/clients/vault-provider/auth/gatedMethods.ts","../src/tbv/core/clients/vault-provider/auth/innerTokenClient.ts","../src/tbv/core/clients/vault-provider/auth/tokenProvider.ts","../src/tbv/core/clients/vault-provider/auth/tokenRegistry.ts","../src/tbv/core/clients/vault-provider/auth/createAuthenticatedVpClient.ts","../src/tbv/core/clients/vault-provider/auth/primeVpAuth.ts","../src/tbv/core/clients/eth/contract-address-resolver.ts","../src/tbv/core/clients/eth/protocol-params-reader.ts","../src/tbv/core/clients/eth/signer-set-reader.ts","../src/tbv/core/clients/eth/vault-registry-reader.ts"],"sourcesContent":["/**\n * Mempool API Client\n *\n * Client for interacting with mempool.space API for Bitcoin network operations.\n * Used for broadcasting transactions and fetching UTXO data.\n *\n * @module clients/mempool/mempoolApi\n */\n\nimport {\n BITCOIN_ADDRESS_RE,\n HEX_RE,\n KNOWN_SCRIPT_PREFIXES,\n TXID_RE,\n} from \"../../utils/validation\";\n\nimport type { MempoolUTXO, NetworkFees, TxInfo, UtxoInfo } from \"./types\";\n\n/** Maximum valid satoshi value: 21 million BTC × 10^8 sats/BTC */\nconst MAX_SATOSHIS = 21_000_000 * 1e8;\n\n/** Timeout for mempool API requests — prevents indefinite hangs from stalled endpoints */\nconst MEMPOOL_REQUEST_TIMEOUT_MS = 30_000;\n\n/**\n * Fetch wrapper with AbortController-based timeout.\n * Ensures all mempool API requests fail bounded rather than hanging indefinitely.\n */\nasync function fetchWithTimeout(\n url: string,\n options?: RequestInit,\n): Promise<Response> {\n const controller = new AbortController();\n const timeoutId = setTimeout(\n () => controller.abort(),\n MEMPOOL_REQUEST_TIMEOUT_MS,\n );\n\n // Compose timeout signal with any caller-supplied signal so both can cancel\n const signals = [controller.signal, options?.signal].filter(\n Boolean,\n ) as AbortSignal[];\n\n try {\n // Don't clear timeout here — let it cover body consumption by callers\n return await fetch(url, {\n ...options,\n signal: AbortSignal.any(signals),\n });\n } catch (error) {\n clearTimeout(timeoutId);\n if (\n error != null &&\n typeof error === \"object\" &&\n \"name\" in error &&\n error.name === \"AbortError\"\n ) {\n throw new Error(\n `Mempool API request timed out after ${MEMPOOL_REQUEST_TIMEOUT_MS}ms: ${url}`,\n );\n }\n throw error;\n }\n}\n\n/**\n * Maximum sane fee rate in sat/vByte.\n * The April 2024 Runes spike peaked around 1,805 sat/vB — 10,000 provides ample headroom.\n */\nconst MAX_FEE_RATE = 10_000;\n\nfunction isValidSatoshiValue(value: number): boolean {\n return Number.isInteger(value) && value > 0 && value <= MAX_SATOSHIS;\n}\n\nfunction isValidFeeRate(value: number): boolean {\n return Number.isInteger(value) && value > 0 && value <= MAX_FEE_RATE;\n}\n\nfunction isValidVout(vout: number, outputCount?: number): boolean {\n if (!Number.isInteger(vout) || vout < 0) return false;\n return outputCount === undefined || vout < outputCount;\n}\n\n\nfunction assertValidTxid(txid: string): void {\n if (!TXID_RE.test(txid)) {\n throw new Error(`Invalid transaction ID format: ${txid}`);\n }\n}\n\nfunction assertValidAddress(address: string): void {\n if (!BITCOIN_ADDRESS_RE.test(address)) {\n throw new Error(`Invalid Bitcoin address format: ${address}`);\n }\n}\n\nfunction assertValidScriptPubKey(scriptPubKey: string, context: string): void {\n if (!HEX_RE.test(scriptPubKey)) {\n throw new Error(\n `Invalid scriptPubKey: not valid hex for ${context}`,\n );\n }\n const matchesKnownType = KNOWN_SCRIPT_PREFIXES.some((prefix) =>\n scriptPubKey.toLowerCase().startsWith(prefix),\n );\n if (!matchesKnownType) {\n throw new Error(\n `Unrecognized scriptPubKey type for ${context}: ` +\n `prefix ${scriptPubKey.slice(0, 6)} does not match any known Bitcoin script type`,\n );\n }\n}\n\n/**\n * Default mempool API URLs by network.\n */\nexport const MEMPOOL_API_URLS = {\n mainnet: \"https://mempool.space/api\",\n testnet: \"https://mempool.space/testnet/api\",\n signet: \"https://mempool.space/signet/api\",\n} as const;\n\n/**\n * Fetch wrapper with error handling.\n */\nasync function fetchApi<T>(\n url: string,\n options?: RequestInit,\n): Promise<T> {\n try {\n const response = await fetchWithTimeout(url, options);\n\n if (!response.ok) {\n const errorText = await response.text();\n throw new Error(\n `Mempool API error (${response.status}): ${errorText || response.statusText}`,\n );\n }\n\n const contentType = response.headers.get(\"content-type\");\n if (contentType?.includes(\"application/json\")) {\n return (await response.json()) as T;\n } else {\n return (await response.text()) as T;\n }\n } catch (error) {\n if (error instanceof Error) {\n throw new Error(`Failed to fetch from mempool API: ${error.message}`);\n }\n throw new Error(\"Failed to fetch from mempool API: Unknown error\");\n }\n}\n\n/**\n * Push a signed transaction to the Bitcoin network.\n *\n * @param txHex - The signed transaction hex string\n * @param apiUrl - Mempool API base URL\n * @returns The transaction ID\n * @throws Error if broadcasting fails\n */\nexport async function pushTx(txHex: string, apiUrl: string): Promise<string> {\n try {\n const response = await fetchWithTimeout(`${apiUrl}/tx`, {\n method: \"POST\",\n body: txHex,\n headers: {\n \"Content-Type\": \"text/plain\",\n },\n });\n\n if (!response.ok) {\n const errorText = await response.text();\n // Try to extract error message from response using robust JSON parsing\n let message: string | undefined;\n try {\n const errorJson = JSON.parse(errorText);\n message = errorJson.message;\n } catch {\n // Not JSON, use raw text\n message = errorText;\n }\n throw new Error(\n message || `Failed to broadcast transaction: ${response.statusText}`,\n );\n }\n\n // Response is the transaction ID (plain text)\n const txId = await response.text();\n return txId;\n } catch (error) {\n if (error instanceof Error) {\n throw new Error(`Failed to broadcast BTC transaction: ${error.message}`);\n }\n throw new Error(\"Failed to broadcast BTC transaction: Unknown error\");\n }\n}\n\n/**\n * Get transaction information from mempool.\n *\n * @param txid - The transaction ID\n * @param apiUrl - Mempool API base URL\n * @returns Transaction information\n */\nexport async function getTxInfo(txid: string, apiUrl: string): Promise<TxInfo> {\n assertValidTxid(txid);\n return fetchApi<TxInfo>(`${apiUrl}/tx/${txid}`);\n}\n\n/**\n * Get the hex representation of a transaction.\n *\n * @param txid - The transaction ID\n * @param apiUrl - Mempool API base URL\n * @returns The transaction hex string\n * @throws Error if the request fails or transaction is not found\n */\nexport async function getTxHex(txid: string, apiUrl: string): Promise<string> {\n assertValidTxid(txid);\n try {\n const response = await fetchWithTimeout(`${apiUrl}/tx/${txid}/hex`);\n\n if (!response.ok) {\n const errorText = await response.text();\n throw new Error(\n `Mempool API error (${response.status}): ${errorText || response.statusText}`,\n );\n }\n\n return await response.text();\n } catch (error) {\n if (error instanceof Error) {\n throw new Error(`Failed to get transaction hex for ${txid}: ${error.message}`);\n }\n throw new Error(`Failed to get transaction hex for ${txid}: Unknown error`);\n }\n}\n\n/**\n * Get UTXO information for a specific transaction output.\n *\n * This is used for constructing PSBTs where we need the witnessUtxo data.\n * Only supports Taproot (P2TR) and native SegWit (P2WPKH, P2WSH) script types.\n *\n * @param txid - The transaction ID containing the UTXO\n * @param vout - The output index\n * @param apiUrl - Mempool API base URL\n * @returns UTXO information with value and scriptPubKey\n */\nexport async function getUtxoInfo(\n txid: string,\n vout: number,\n apiUrl: string,\n): Promise<UtxoInfo> {\n assertValidTxid(txid);\n const txInfo = await getTxInfo(txid, apiUrl);\n\n if (!isValidVout(vout, txInfo.vout.length)) {\n throw new Error(\n `Invalid vout ${vout} for transaction ${txid} (has ${txInfo.vout.length} outputs)`,\n );\n }\n\n const output = txInfo.vout[vout];\n if (!isValidSatoshiValue(output.value)) {\n throw new Error(`Invalid UTXO value ${output.value} for ${txid}:${vout}`);\n }\n assertValidScriptPubKey(output.scriptpubkey, `${txid}:${vout}`);\n\n return {\n txid,\n vout,\n value: output.value,\n scriptPubKey: output.scriptpubkey,\n };\n}\n\n/**\n * Get all UTXOs for a Bitcoin address.\n *\n * @param address - The Bitcoin address\n * @param apiUrl - Mempool API base URL\n * @returns Array of UTXOs sorted by value (largest first)\n */\nexport async function getAddressUtxos(\n address: string,\n apiUrl: string,\n): Promise<MempoolUTXO[]> {\n assertValidAddress(address);\n try {\n // Fetch UTXOs for the address\n const utxos = await fetchApi<\n {\n txid: string;\n vout: number;\n value: number;\n status: {\n confirmed: boolean;\n };\n }[]\n >(`${apiUrl}/address/${address}/utxo`);\n\n // Fetch scriptPubKey for the address\n const addressInfo = await fetchApi<{\n isvalid: boolean;\n scriptPubKey: string;\n }>(`${apiUrl}/v1/validate-address/${address}`);\n\n if (!addressInfo.isvalid) {\n throw new Error(\n `Invalid Bitcoin address: ${address}. Mempool API validation failed.`,\n );\n }\n assertValidScriptPubKey(addressInfo.scriptPubKey, address);\n\n // Validate UTXO fields from the listing endpoint.\n // Per-UTXO cross-verification against /tx/{txid} is intentionally NOT done\n // here — it would be expensive (N API calls) and redundant: the broadcast\n // path already verifies each selected input via getUtxoInfo before signing.\n // Both endpoints come from the same mempool API, so cross-checking one\n // against the other on the same server does not add real security.\n for (const utxo of utxos) {\n assertValidTxid(utxo.txid);\n if (!isValidVout(utxo.vout)) {\n throw new Error(`Invalid vout ${utxo.vout} for ${utxo.txid}`);\n }\n if (!isValidSatoshiValue(utxo.value)) {\n throw new Error(\n `Invalid UTXO value ${utxo.value} for ${utxo.txid}:${utxo.vout}`,\n );\n }\n }\n\n // Sort by value (largest first) and map to our UTXO format\n const sortedUTXOs = utxos.sort((a, b) => b.value - a.value);\n\n return sortedUTXOs.map((utxo) => ({\n txid: utxo.txid,\n vout: utxo.vout,\n value: utxo.value,\n scriptPubKey: addressInfo.scriptPubKey,\n confirmed: utxo.status.confirmed,\n }));\n } catch (error) {\n if (error instanceof Error) {\n throw new Error(\n `Failed to get UTXOs for address ${address}: ${error.message}`,\n );\n }\n throw new Error(\n `Failed to get UTXOs for address ${address}: Unknown error`,\n );\n }\n}\n\n/**\n * Get the mempool API URL for a given network.\n *\n * @param network - Bitcoin network (mainnet, testnet, signet)\n * @returns The mempool API URL\n */\nexport function getMempoolApiUrl(\n network: \"mainnet\" | \"testnet\" | \"signet\",\n): string {\n return MEMPOOL_API_URLS[network];\n}\n\n/**\n * Transaction summary from address transactions endpoint.\n */\nexport interface AddressTx {\n txid: string;\n status: {\n confirmed: boolean;\n block_height?: number;\n };\n}\n\n/**\n * Get recent transactions for a Bitcoin address.\n *\n * Returns the last 25 confirmed transactions plus any unconfirmed (mempool) transactions.\n * This is useful for checking if a specific transaction has been broadcast.\n *\n * @param address - The Bitcoin address\n * @param apiUrl - Mempool API base URL\n * @returns Array of recent transactions\n */\nexport async function getAddressTxs(\n address: string,\n apiUrl: string,\n): Promise<AddressTx[]> {\n assertValidAddress(address);\n return fetchApi<AddressTx[]>(`${apiUrl}/address/${address}/txs`);\n}\n\n/**\n * Fetches Bitcoin network fee recommendations from mempool.space API.\n *\n * @param apiUrl - Mempool API base URL\n * @returns Fee rates in sat/vbyte for different confirmation times\n * @throws Error if request fails or returns invalid data\n *\n * @see https://mempool.space/docs/api/rest#get-recommended-fees\n */\nexport async function getNetworkFees(apiUrl: string): Promise<NetworkFees> {\n const response = await fetchWithTimeout(`${apiUrl}/v1/fees/recommended`);\n\n if (!response.ok) {\n throw new Error(\n `Failed to fetch network fees: ${response.status} ${response.statusText}`,\n );\n }\n\n const data = await response.json();\n\n const feeFields = [\n \"fastestFee\",\n \"halfHourFee\",\n \"hourFee\",\n \"economyFee\",\n \"minimumFee\",\n ] as const;\n\n for (const field of feeFields) {\n if (!isValidFeeRate(data[field])) {\n throw new Error(\n `Invalid fee rate ${field}=${data[field]} from mempool API: expected a positive number ≤ ${MAX_FEE_RATE}`,\n );\n }\n }\n\n if (\n data.minimumFee > data.economyFee ||\n data.economyFee > data.hourFee ||\n data.hourFee > data.halfHourFee ||\n data.halfHourFee > data.fastestFee\n ) {\n throw new Error(\n `Fee rate ordering violation from mempool API: expected ` +\n `minimumFee (${data.minimumFee}) <= economyFee (${data.economyFee}) <= ` +\n `hourFee (${data.hourFee}) <= halfHourFee (${data.halfHourFee}) <= ` +\n `fastestFee (${data.fastestFee}).`,\n );\n }\n\n return data as NetworkFees;\n}\n\n","/**\n * ApplicationRegistry Contract ABI\n *\n * Minimal ABI containing only the vault keeper read functions needed by the SDK.\n * Generated from vault-contracts-aave-v4 IApplicationRegistry.sol interface.\n *\n * @module contracts/abis/ApplicationRegistry\n */\n\nexport const ApplicationRegistryABI = [\n {\n type: \"function\",\n name: \"getVaultKeepersByVersion\",\n inputs: [\n {\n name: \"appEntryPoint\",\n type: \"address\",\n internalType: \"address\",\n },\n {\n name: \"versionNumber\",\n type: \"uint16\",\n internalType: \"uint16\",\n },\n ],\n outputs: [\n {\n name: \"\",\n type: \"tuple[]\",\n internalType: \"struct BTCVaultTypes.AddressBTCKeyPair[]\",\n components: [\n {\n name: \"ethAddress\",\n type: \"address\",\n internalType: \"address\",\n },\n {\n name: \"btcPubKey\",\n type: \"bytes32\",\n internalType: \"bytes32\",\n },\n ],\n },\n ],\n stateMutability: \"view\",\n },\n {\n type: \"function\",\n name: \"getCurrentVaultKeepers\",\n inputs: [\n {\n name: \"appEntryPoint\",\n type: \"address\",\n internalType: \"address\",\n },\n ],\n outputs: [\n {\n name: \"\",\n type: \"tuple[]\",\n internalType: \"struct BTCVaultTypes.AddressBTCKeyPair[]\",\n components: [\n {\n name: \"ethAddress\",\n type: \"address\",\n internalType: \"address\",\n },\n {\n name: \"btcPubKey\",\n type: \"bytes32\",\n internalType: \"bytes32\",\n },\n ],\n },\n ],\n stateMutability: \"view\",\n },\n {\n type: \"function\",\n name: \"getCurrentVaultKeepersVersion\",\n inputs: [\n {\n name: \"appEntryPoint\",\n type: \"address\",\n internalType: \"address\",\n },\n ],\n outputs: [\n {\n name: \"\",\n type: \"uint16\",\n internalType: \"uint16\",\n },\n ],\n stateMutability: \"view\",\n },\n] as const;\n","/**\n * ProtocolParams Contract ABI\n *\n * Minimal ABI containing only the read functions needed by the SDK.\n * Generated from vault-contracts-aave-v4 IProtocolParams.sol interface.\n *\n * @module contracts/abis/ProtocolParams\n */\n\nexport const ProtocolParamsABI = [\n {\n type: \"function\",\n name: \"getTBVProtocolParams\",\n inputs: [],\n outputs: [\n {\n name: \"\",\n type: \"tuple\",\n internalType: \"struct IProtocolParams.TBVProtocolParams\",\n components: [\n {\n name: \"minimumPegInAmount\",\n type: \"uint64\",\n internalType: \"uint64\",\n },\n {\n name: \"maxPegInAmount\",\n type: \"uint64\",\n internalType: \"uint64\",\n },\n {\n name: \"pegInAckTimeout\",\n type: \"uint64\",\n internalType: \"uint64\",\n },\n {\n name: \"pegInActivationTimeout\",\n type: \"uint64\",\n internalType: \"uint64\",\n },\n {\n name: \"maxHtlcOutputCount\",\n type: \"uint8\",\n internalType: \"uint8\",\n },\n ],\n },\n ],\n stateMutability: \"view\",\n },\n {\n type: \"function\",\n name: \"getLatestOffchainParams\",\n inputs: [],\n outputs: [\n {\n name: \"\",\n type: \"tuple\",\n internalType: \"struct IProtocolParams.VersionedOffchainParams\",\n components: [\n {\n name: \"timelockAssert\",\n type: \"uint256\",\n internalType: \"uint256\",\n },\n {\n name: \"timelockChallengeAssert\",\n type: \"uint256\",\n internalType: \"uint256\",\n },\n {\n name: \"securityCouncilKeys\",\n type: \"bytes32[]\",\n internalType: \"bytes32[]\",\n },\n {\n name: \"councilQuorum\",\n type: \"uint8\",\n internalType: \"uint8\",\n },\n {\n name: \"feeRate\",\n type: \"uint64\",\n internalType: \"uint64\",\n },\n {\n name: \"babeTotalInstances\",\n type: \"uint16\",\n internalType: \"uint16\",\n },\n {\n name: \"babeInstancesToFinalize\",\n type: \"uint8\",\n internalType: \"uint8\",\n },\n {\n name: \"minVpCommissionBps\",\n type: \"uint16\",\n internalType: \"uint16\",\n },\n {\n name: \"tRefund\",\n type: \"uint32\",\n internalType: \"uint32\",\n },\n {\n name: \"tStale\",\n type: \"uint32\",\n internalType: \"uint32\",\n },\n {\n name: \"minPeginFeeRate\",\n type: \"uint64\",\n internalType: \"uint64\",\n },\n {\n name: \"proverProgramVersion\",\n type: \"uint16\",\n internalType: \"uint16\",\n },\n {\n name: \"minPrepeginDepth\",\n type: \"uint32\",\n internalType: \"uint32\",\n },\n ],\n },\n ],\n stateMutability: \"view\",\n },\n {\n type: \"function\",\n name: \"getOffchainParamsByVersion\",\n inputs: [\n {\n name: \"versionNumber\",\n type: \"uint16\",\n internalType: \"uint16\",\n },\n ],\n outputs: [\n {\n name: \"\",\n type: \"tuple\",\n internalType: \"struct IProtocolParams.VersionedOffchainParams\",\n components: [\n {\n name: \"timelockAssert\",\n type: \"uint256\",\n internalType: \"uint256\",\n },\n {\n name: \"timelockChallengeAssert\",\n type: \"uint256\",\n internalType: \"uint256\",\n },\n {\n name: \"securityCouncilKeys\",\n type: \"bytes32[]\",\n internalType: \"bytes32[]\",\n },\n {\n name: \"councilQuorum\",\n type: \"uint8\",\n internalType: \"uint8\",\n },\n {\n name: \"feeRate\",\n type: \"uint64\",\n internalType: \"uint64\",\n },\n {\n name: \"babeTotalInstances\",\n type: \"uint16\",\n internalType: \"uint16\",\n },\n {\n name: \"babeInstancesToFinalize\",\n type: \"uint8\",\n internalType: \"uint8\",\n },\n {\n name: \"minVpCommissionBps\",\n type: \"uint16\",\n internalType: \"uint16\",\n },\n {\n name: \"tRefund\",\n type: \"uint32\",\n internalType: \"uint32\",\n },\n {\n name: \"tStale\",\n type: \"uint32\",\n internalType: \"uint32\",\n },\n {\n name: \"minPeginFeeRate\",\n type: \"uint64\",\n internalType: \"uint64\",\n },\n {\n name: \"proverProgramVersion\",\n type: \"uint16\",\n internalType: \"uint16\",\n },\n {\n name: \"minPrepeginDepth\",\n type: \"uint32\",\n internalType: \"uint32\",\n },\n ],\n },\n ],\n stateMutability: \"view\",\n },\n {\n type: \"function\",\n name: \"latestOffchainParamsVersion\",\n inputs: [],\n outputs: [\n {\n name: \"\",\n type: \"uint16\",\n internalType: \"uint16\",\n },\n ],\n stateMutability: \"view\",\n },\n {\n type: \"function\",\n name: \"getUniversalChallengersByVersion\",\n inputs: [\n {\n name: \"versionNumber\",\n type: \"uint16\",\n internalType: \"uint16\",\n },\n ],\n outputs: [\n {\n name: \"\",\n type: \"tuple[]\",\n internalType: \"struct BTCVaultTypes.AddressBTCKeyPair[]\",\n components: [\n {\n name: \"ethAddress\",\n type: \"address\",\n internalType: \"address\",\n },\n {\n name: \"btcPubKey\",\n type: \"bytes32\",\n internalType: \"bytes32\",\n },\n ],\n },\n ],\n stateMutability: \"view\",\n },\n {\n type: \"function\",\n name: \"getCurrentUniversalChallengers\",\n inputs: [],\n outputs: [\n {\n name: \"\",\n type: \"tuple[]\",\n internalType: \"struct BTCVaultTypes.AddressBTCKeyPair[]\",\n components: [\n {\n name: \"ethAddress\",\n type: \"address\",\n internalType: \"address\",\n },\n {\n name: \"btcPubKey\",\n type: \"bytes32\",\n internalType: \"bytes32\",\n },\n ],\n },\n ],\n stateMutability: \"view\",\n },\n {\n type: \"function\",\n name: \"latestUniversalChallengersVersion\",\n inputs: [],\n outputs: [\n {\n name: \"\",\n type: \"uint16\",\n internalType: \"uint16\",\n },\n ],\n stateMutability: \"view\",\n },\n] as const;\n","/**\n * Runtime validation for vault provider RPC responses.\n *\n * All VP RPC methods return untyped JSON that TypeScript generics cast without\n * inspection. These validators check the critical top-level fields and\n * security-relevant values (status, txids, pubkeys). Optional progress\n * sub-fields (gc_data, ack_collection, claimer_graphs) are NOT validated\n * since they are informational and not used for signing or transaction\n * construction. Only `progress.presigning` sub-fields are checked.\n */\n\nimport {\n COMPRESSED_PUBKEY_HEX_LEN,\n X_ONLY_PUBKEY_HEX_LEN,\n} from \"../../primitives/utils/bitcoin\";\nimport { HEX_RE } from \"../../utils/validation\";\n\nimport { DaemonStatus } from \"./types\";\nimport type {\n GetPeginStatusResponse,\n GetPegoutStatusResponse,\n RequestDepositorClaimerArtifactsResponse,\n RequestDepositorPresignTransactionsResponse,\n} from \"./types\";\n\nconst DAEMON_STATUS_VALUES = new Set<string>(Object.values(DaemonStatus));\n\nconst VP_ERROR_PREVIEW_MAX_LEN = 200;\n\nfunction preview(value: unknown): string {\n return (\n JSON.stringify(value)?.slice(0, VP_ERROR_PREVIEW_MAX_LEN) ?? \"undefined\"\n );\n}\n\nconst VP_VALIDATION_USER_MESSAGE =\n \"The vault provider returned an unexpected response. Please try again or contact support.\";\n\n/**\n * Thrown when a VP RPC response fails runtime validation.\n *\n * `.message` is a user-facing string safe to display in the UI.\n * `.detail` contains the technical reason, suitable for logging.\n */\nexport class VpResponseValidationError extends Error {\n readonly detail: string;\n\n constructor(detail: string) {\n super(VP_VALIDATION_USER_MESSAGE);\n this.name = \"VpResponseValidationError\";\n this.detail = detail;\n }\n}\n\n/** Expected length (in hex chars) of a Bitcoin transaction ID (32 bytes). */\nconst TXID_HEX_LEN = 64;\n\nfunction isNonEmptyHex(value: unknown): value is string {\n return typeof value === \"string\" && value.length > 0 && HEX_RE.test(value);\n}\n\nfunction isNonEmptyString(value: unknown): value is string {\n return typeof value === \"string\" && value.length > 0;\n}\n\nfunction assertNonEmptyHex(value: unknown, field: string): void {\n if (!isNonEmptyHex(value)) {\n throw new VpResponseValidationError(\n `VP response validation failed: \"${field}\" must be a non-empty hex string, got ${preview(value)}`,\n );\n }\n}\n\nfunction assertNonEmptyString(value: unknown, field: string): void {\n if (!isNonEmptyString(value)) {\n throw new VpResponseValidationError(\n `VP response validation failed: \"${field}\" must be a non-empty string, got ${preview(value)}`,\n );\n }\n}\n\n/**\n * Accept both x-only (64-char) and compressed (66-char) pubkeys from VP responses.\n * The signing code normalizes to x-only via processPublicKeyToXOnly().\n */\nfunction assertBtcPubkey(value: unknown, field: string): void {\n if (\n !isNonEmptyHex(value) ||\n (value.length !== X_ONLY_PUBKEY_HEX_LEN &&\n value.length !== COMPRESSED_PUBKEY_HEX_LEN)\n ) {\n throw new VpResponseValidationError(\n `VP response validation failed: \"${field}\" must be a ${X_ONLY_PUBKEY_HEX_LEN} or ${COMPRESSED_PUBKEY_HEX_LEN}-char hex string (BTC pubkey), got ${preview(value)}`,\n );\n }\n}\n\n/**\n * Validate the optional presigning progress fields returned inside PeginProgressDetails.\n */\nfunction validatePresigningProgressFields(\n progress: Record<string, unknown>,\n): void {\n const presigning = progress.presigning;\n if (presigning === undefined || presigning === null) return;\n if (typeof presigning !== \"object\" || Array.isArray(presigning)) {\n throw new VpResponseValidationError(\n `VP response validation failed: \"progress.presigning\" must be an object if present`,\n );\n }\n\n const p = presigning as Record<string, unknown>;\n\n if (\n p.depositor_graph_created !== undefined &&\n typeof p.depositor_graph_created !== \"boolean\"\n ) {\n throw new VpResponseValidationError(\n `VP response validation failed: \"progress.presigning.depositor_graph_created\" must be a boolean if present, got ${preview(p.depositor_graph_created)}`,\n );\n }\n\n if (\n p.vk_challenger_presigning_completed !== undefined &&\n typeof p.vk_challenger_presigning_completed !== \"number\"\n ) {\n throw new VpResponseValidationError(\n `VP response validation failed: \"progress.presigning.vk_challenger_presigning_completed\" must be a number if present, got ${preview(p.vk_challenger_presigning_completed)}`,\n );\n }\n\n if (\n p.vk_challenger_presigning_total !== undefined &&\n typeof p.vk_challenger_presigning_total !== \"number\"\n ) {\n throw new VpResponseValidationError(\n `VP response validation failed: \"progress.presigning.vk_challenger_presigning_total\" must be a number if present, got ${preview(p.vk_challenger_presigning_total)}`,\n );\n }\n}\n\n/**\n * Validate a getPeginStatus response.\n *\n * Throws if the status field is not a recognized DaemonStatus value.\n */\nexport function validateGetPeginStatusResponse(\n response: unknown,\n): asserts response is GetPeginStatusResponse {\n if (response === null || typeof response !== \"object\") {\n throw new VpResponseValidationError(\n `VP response validation failed: getPeginStatus response is not an object`,\n );\n }\n\n const r = response as Record<string, unknown>;\n\n if (!isNonEmptyHex(r.pegin_txid) || r.pegin_txid.length !== TXID_HEX_LEN) {\n throw new VpResponseValidationError(\n `VP response validation failed: \"pegin_txid\" must be a ${TXID_HEX_LEN}-char hex string (txid), got ${preview(r.pegin_txid)}`,\n );\n }\n\n if (typeof r.status !== \"string\") {\n throw new VpResponseValidationError(\n `VP response validation failed: \"status\" must be a string`,\n );\n }\n\n if (!DAEMON_STATUS_VALUES.has(r.status)) {\n throw new VpResponseValidationError(\n `VP response validation failed: unrecognized status \"${r.status}\". Expected one of: ${[...DAEMON_STATUS_VALUES].join(\", \")}`,\n );\n }\n\n if (\n r.progress === null ||\n typeof r.progress !== \"object\" ||\n Array.isArray(r.progress)\n ) {\n throw new VpResponseValidationError(\n `VP response validation failed: \"progress\" must be an object`,\n );\n }\n\n validatePresigningProgressFields(r.progress as Record<string, unknown>);\n\n if (typeof r.health_info !== \"string\") {\n throw new VpResponseValidationError(\n `VP response validation failed: \"health_info\" must be a string`,\n );\n }\n\n if (r.last_error !== undefined && typeof r.last_error !== \"string\") {\n throw new VpResponseValidationError(\n `VP response validation failed: \"last_error\" must be a string if present, got ${preview(r.last_error)}`,\n );\n }\n}\n\n/**\n * Validate a requestDepositorPresignTransactions response.\n */\nexport function validateRequestDepositorPresignTransactionsResponse(\n response: unknown,\n): asserts response is RequestDepositorPresignTransactionsResponse {\n if (response === null || typeof response !== \"object\") {\n throw new VpResponseValidationError(\n `VP response validation failed: requestDepositorPresignTransactions response is not an object`,\n );\n }\n\n const r = response as Record<string, unknown>;\n\n if (!Array.isArray(r.txs)) {\n throw new VpResponseValidationError(\n `VP response validation failed: \"txs\" must be an array`,\n );\n }\n\n for (let i = 0; i < r.txs.length; i++) {\n validateClaimerTransactions(r.txs[i], `txs[${i}]`);\n }\n\n if (r.depositor_graph === null || typeof r.depositor_graph !== \"object\") {\n throw new VpResponseValidationError(\n `VP response validation failed: \"depositor_graph\" must be an object`,\n );\n }\n\n validateDepositorGraphTransactions(\n r.depositor_graph as Record<string, unknown>,\n );\n}\n\nfunction validateTransactionData(value: unknown, field: string): void {\n if (value === null || typeof value !== \"object\") {\n throw new VpResponseValidationError(\n `VP response validation failed: \"${field}\" must be an object`,\n );\n }\n const tx = value as Record<string, unknown>;\n assertNonEmptyHex(tx.tx_hex, `${field}.tx_hex`);\n}\n\nfunction validateClaimerTransactions(value: unknown, field: string): void {\n if (value === null || typeof value !== \"object\") {\n throw new VpResponseValidationError(\n `VP response validation failed: \"${field}\" must be an object`,\n );\n }\n\n const tx = value as Record<string, unknown>;\n\n assertBtcPubkey(tx.claimer_pubkey, `${field}.claimer_pubkey`);\n validateTransactionData(tx.claim_tx, `${field}.claim_tx`);\n validateTransactionData(tx.assert_tx, `${field}.assert_tx`);\n validateTransactionData(tx.payout_tx, `${field}.payout_tx`);\n assertNonEmptyString(tx.payout_psbt, `${field}.payout_psbt`);\n}\n\nfunction validateChallengeAssertConnectorData(\n value: unknown,\n field: string,\n): void {\n if (value === null || typeof value !== \"object\") {\n throw new VpResponseValidationError(\n `VP response validation failed: \"${field}\" must be an object`,\n );\n }\n\n const c = value as Record<string, unknown>;\n assertNonEmptyString(c.wots_pks_json, `${field}.wots_pks_json`);\n assertNonEmptyString(c.gc_wots_keys_json, `${field}.gc_wots_keys_json`);\n}\n\nfunction validatePresignDataPerChallenger(value: unknown, field: string): void {\n if (value === null || typeof value !== \"object\") {\n throw new VpResponseValidationError(\n `VP response validation failed: \"${field}\" must be an object`,\n );\n }\n\n const d = value as Record<string, unknown>;\n\n assertBtcPubkey(d.challenger_pubkey, `${field}.challenger_pubkey`);\n validateTransactionData(\n d.challenge_assert_x_tx,\n `${field}.challenge_assert_x_tx`,\n );\n validateTransactionData(\n d.challenge_assert_y_tx,\n `${field}.challenge_assert_y_tx`,\n );\n validateTransactionData(d.nopayout_tx, `${field}.nopayout_tx`);\n assertNonEmptyString(d.nopayout_psbt, `${field}.nopayout_psbt`);\n\n if (!Array.isArray(d.challenge_assert_connectors)) {\n throw new VpResponseValidationError(\n `VP response validation failed: \"${field}.challenge_assert_connectors\" must be an array`,\n );\n }\n\n for (let i = 0; i < d.challenge_assert_connectors.length; i++) {\n validateChallengeAssertConnectorData(\n d.challenge_assert_connectors[i],\n `${field}.challenge_assert_connectors[${i}]`,\n );\n }\n\n if (!Array.isArray(d.output_label_hashes)) {\n throw new VpResponseValidationError(\n `VP response validation failed: \"${field}.output_label_hashes\" must be an array`,\n );\n }\n\n for (let i = 0; i < d.output_label_hashes.length; i++) {\n assertNonEmptyHex(\n d.output_label_hashes[i],\n `${field}.output_label_hashes[${i}]`,\n );\n }\n}\n\n/**\n * Validate a requestDepositorClaimerArtifacts response.\n */\nexport function validateRequestDepositorClaimerArtifactsResponse(\n response: unknown,\n): asserts response is RequestDepositorClaimerArtifactsResponse {\n if (response === null || typeof response !== \"object\") {\n throw new VpResponseValidationError(\n `VP response validation failed: requestDepositorClaimerArtifacts response is not an object`,\n );\n }\n\n const r = response as Record<string, unknown>;\n\n if (!isNonEmptyString(r.tx_graph_json)) {\n throw new VpResponseValidationError(\n `VP response validation failed: \"tx_graph_json\" must be a non-empty string, got ${preview(r.tx_graph_json)}`,\n );\n }\n\n if (!isNonEmptyHex(r.verifying_key_hex)) {\n throw new VpResponseValidationError(\n `VP response validation failed: \"verifying_key_hex\" must be a non-empty hex string, got ${preview(r.verifying_key_hex)}`,\n );\n }\n\n if (r.babe_sessions === null || typeof r.babe_sessions !== \"object\") {\n throw new VpResponseValidationError(\n `VP response validation failed: \"babe_sessions\" must be an object`,\n );\n }\n\n for (const [key, session] of Object.entries(\n r.babe_sessions as Record<string, unknown>,\n )) {\n if (session === null || typeof session !== \"object\") {\n throw new VpResponseValidationError(\n `VP response validation failed: \"babe_sessions.${key}\" must be an object`,\n );\n }\n const s = session as Record<string, unknown>;\n if (!isNonEmptyHex(s.decryptor_artifacts_hex)) {\n throw new VpResponseValidationError(\n `VP response validation failed: \"babe_sessions.${key}.decryptor_artifacts_hex\" must be a non-empty hex string, got ${preview(s.decryptor_artifacts_hex)}`,\n );\n }\n }\n}\n\n/**\n * Validate a getPegoutStatus response.\n */\nexport function validateGetPegoutStatusResponse(\n response: unknown,\n): asserts response is GetPegoutStatusResponse {\n if (response === null || typeof response !== \"object\") {\n throw new VpResponseValidationError(\n `VP response validation failed: getPegoutStatus response is not an object`,\n );\n }\n\n const r = response as Record<string, unknown>;\n\n if (!isNonEmptyHex(r.pegin_txid) || r.pegin_txid.length !== TXID_HEX_LEN) {\n throw new VpResponseValidationError(\n `VP response validation failed: \"pegin_txid\" must be a ${TXID_HEX_LEN}-char hex string (txid), got ${preview(r.pegin_txid)}`,\n );\n }\n\n if (typeof r.found !== \"boolean\") {\n throw new VpResponseValidationError(\n `VP response validation failed: \"found\" must be a boolean, got ${preview(r.found)}`,\n );\n }\n\n if (r.claimer !== undefined) {\n if (r.claimer === null || typeof r.claimer !== \"object\") {\n throw new VpResponseValidationError(\n `VP response validation failed: \"claimer\" must be an object if present`,\n );\n }\n const claimer = r.claimer as Record<string, unknown>;\n if (typeof claimer.status !== \"string\") {\n throw new VpResponseValidationError(\n `VP response validation failed: \"claimer.status\" must be a string, got ${preview(claimer.status)}`,\n );\n }\n if (typeof claimer.failed !== \"boolean\") {\n throw new VpResponseValidationError(\n `VP response validation failed: \"claimer.failed\" must be a boolean, got ${preview(claimer.failed)}`,\n );\n }\n }\n\n if (r.challenger !== undefined) {\n if (r.challenger === null || typeof r.challenger !== \"object\") {\n throw new VpResponseValidationError(\n `VP response validation failed: \"challenger\" must be an object if present`,\n );\n }\n const challenger = r.challenger as Record<string, unknown>;\n if (typeof challenger.status !== \"string\") {\n throw new VpResponseValidationError(\n `VP response validation failed: \"challenger.status\" must be a string, got ${preview(challenger.status)}`,\n );\n }\n }\n}\n\nfunction validateDepositorGraphTransactions(\n graph: Record<string, unknown>,\n): void {\n validateTransactionData(graph.claim_tx, \"depositor_graph.claim_tx\");\n validateTransactionData(graph.assert_tx, \"depositor_graph.assert_tx\");\n validateTransactionData(graph.payout_tx, \"depositor_graph.payout_tx\");\n assertNonEmptyString(graph.payout_psbt, \"depositor_graph.payout_psbt\");\n\n if (!Array.isArray(graph.challenger_presign_data)) {\n throw new VpResponseValidationError(\n `VP response validation failed: \"depositor_graph.challenger_presign_data\" must be an array`,\n );\n }\n\n for (let i = 0; i < graph.challenger_presign_data.length; i++) {\n validatePresignDataPerChallenger(\n graph.challenger_presign_data[i],\n `depositor_graph.challenger_presign_data[${i}]`,\n );\n }\n\n if (typeof graph.offchain_params_version !== \"number\") {\n throw new VpResponseValidationError(\n `VP response validation failed: \"depositor_graph.offchain_params_version\" must be a number`,\n );\n }\n}\n","/**\n * JSON-RPC client for the Vault Provider API.\n *\n * Wraps {@link JsonRpcClient} with typed methods matching the\n * `vaultProvider_*` RPC namespace defined in the btc-vault pegin spec.\n *\n * Implements the narrow service interfaces (PeginStatusReader, WotsKeySubmitter,\n * PresignClient, ClaimerArtifactsReader) so it can be passed directly to\n * any deposit protocol service function.\n *\n * @see https://github.com/babylonlabs-io/btc-vault/blob/main/docs/pegin.md\n */\n\nimport type { PeginStatusReader, WotsKeySubmitter, PresignClient, ClaimerArtifactsReader } from \"../../services/deposit/interfaces\";\n\nimport {\n type BearerTokenProvider,\n JsonRpcClient,\n type JsonRpcClientConfig,\n} from \"./json-rpc-client\";\nimport type {\n GetPeginStatusParams,\n GetPeginStatusResponse,\n GetPegoutStatusParams,\n GetPegoutStatusResponse,\n RequestDepositorClaimerArtifactsParams,\n RequestDepositorClaimerArtifactsResponse,\n RequestDepositorPresignTransactionsParams,\n RequestDepositorPresignTransactionsResponse,\n SubmitDepositorPresignaturesParams,\n SubmitDepositorWotsKeyParams,\n} from \"./types\";\nimport {\n validateGetPeginStatusResponse,\n validateGetPegoutStatusResponse,\n validateRequestDepositorClaimerArtifactsResponse,\n validateRequestDepositorPresignTransactionsResponse,\n} from \"./validators\";\n\nexport interface VaultProviderRpcClientOptions {\n /** Timeout in milliseconds per request (default: 60000) */\n timeout?: number;\n /** Number of retry attempts for safe methods (default: 3) */\n retries?: number;\n /** Initial retry delay in milliseconds (default: 1000) */\n retryDelay?: number;\n /**\n * Custom retry predicate. Default retries only the idempotent read\n * methods: `getPeginStatus`, `getPegoutStatus`,\n * `requestDepositorPresignTransactions`.\n */\n retryableFor?: (method: string) => boolean;\n /** Custom headers. */\n headers?: Record<string, string>;\n /**\n * Per-request bearer-token source. A non-null return attaches\n * `Authorization: Bearer <token>`; `null` skips auth. Wire a\n * {@link VpTokenProvider} for depositor-gated methods.\n */\n tokenProvider?: BearerTokenProvider;\n /** Maximum response body size, in bytes, for typed JSON-RPC calls */\n maxResponseBytes?: number;\n}\n\nconst DEFAULT_TIMEOUT_MS = 60_000;\n\n/**\n * Concrete VP RPC client implementing all service interfaces.\n *\n * Usage:\n * ```ts\n * const client = new VaultProviderRpcClient(\"https://vp.example.com/rpc\");\n * const status = await client.getPeginStatus({ pegin_txid: \"abc...\" });\n * ```\n */\nexport class VaultProviderRpcClient\n implements PeginStatusReader, WotsKeySubmitter, PresignClient, ClaimerArtifactsReader\n{\n private client: JsonRpcClient;\n\n constructor(baseUrl: string, options?: VaultProviderRpcClientOptions) {\n const config: JsonRpcClientConfig = {\n baseUrl,\n timeout: options?.timeout ?? DEFAULT_TIMEOUT_MS,\n retries: options?.retries,\n retryDelay: options?.retryDelay,\n retryableFor: options?.retryableFor,\n headers: options?.headers,\n tokenProvider: options?.tokenProvider,\n maxResponseBytes: options?.maxResponseBytes,\n };\n this.client = new JsonRpcClient(config);\n }\n\n /**\n * Request the payout/claim/assert transactions that the depositor\n * needs to pre-sign before the vault can be activated on Bitcoin.\n */\n async requestDepositorPresignTransactions(\n params: RequestDepositorPresignTransactionsParams,\n signal?: AbortSignal,\n ): Promise<RequestDepositorPresignTransactionsResponse> {\n const response = await this.client.call<\n RequestDepositorPresignTransactionsParams,\n unknown\n >(\"vaultProvider_requestDepositorPresignTransactions\", params, signal);\n validateRequestDepositorPresignTransactionsResponse(response);\n return response;\n }\n\n /**\n * Submit the depositor's pre-signatures for the payout transactions\n * and the depositor-as-claimer graph.\n */\n async submitDepositorPresignatures(\n params: SubmitDepositorPresignaturesParams,\n signal?: AbortSignal,\n ): Promise<void> {\n return this.client.call<SubmitDepositorPresignaturesParams, void>(\n \"vaultProvider_submitDepositorPresignatures\",\n params,\n signal,\n );\n }\n\n /**\n * Submit the depositor's WOTS public key to the vault provider.\n * Called after the pegin is finalized on Ethereum, when the VP is in\n * `PendingDepositorWotsPK` status.\n */\n async submitDepositorWotsKey(\n params: SubmitDepositorWotsKeyParams,\n signal?: AbortSignal,\n ): Promise<void> {\n return this.client.call<SubmitDepositorWotsKeyParams, void>(\n \"vaultProvider_submitDepositorWotsKey\",\n params,\n signal,\n );\n }\n\n /**\n * Request the BaBe DecryptorArtifacts needed for the depositor to\n * independently evaluate garbled circuits during a challenge.\n */\n async requestDepositorClaimerArtifacts(\n params: RequestDepositorClaimerArtifactsParams,\n signal?: AbortSignal,\n ): Promise<RequestDepositorClaimerArtifactsResponse> {\n const response = await this.client.call<\n RequestDepositorClaimerArtifactsParams,\n unknown\n >(\"vaultProvider_requestDepositorClaimerArtifacts\", params, signal);\n validateRequestDepositorClaimerArtifactsResponse(response);\n return response;\n }\n\n /** Get the current pegin status from the vault provider daemon. */\n async getPeginStatus(\n params: GetPeginStatusParams,\n signal?: AbortSignal,\n ): Promise<GetPeginStatusResponse> {\n const response = await this.client.call<GetPeginStatusParams, unknown>(\n \"vaultProvider_getPeginStatus\",\n params,\n signal,\n );\n validateGetPeginStatusResponse(response);\n return response;\n }\n\n /** Get the current pegout status from the vault provider daemon. */\n async getPegoutStatus(\n params: GetPegoutStatusParams,\n signal?: AbortSignal,\n ): Promise<GetPegoutStatusResponse> {\n const response = await this.client.call<GetPegoutStatusParams, unknown>(\n \"vaultProvider_getPegoutStatus\",\n params,\n signal,\n );\n validateGetPegoutStatusResponse(response);\n return response;\n }\n}\n","/**\n * BIP-322 \"simple\" signature verification for P2TR key-path.\n *\n * Mirrors the Rust reference in\n * `btc-vault/crates/btc-signer/src/message.rs::verify_bip322_message`\n * (which delegates to `rust-bitcoin::bip322::verify_simple` for a\n * P2TR key-path-only address with no merkle root).\n *\n * The algorithm:\n *\n * 1. Compute the BIP-322 tagged-hash of the message:\n * m_hash = SHA256( SHA256(tag) || SHA256(tag) || message )\n * where tag = \"BIP0322-signed-message\".\n *\n * 2. Build a virtual \"to_spend\" transaction with one input (prevout\n * all-zero txid + 0xFFFFFFFF vout, scriptSig = `OP_0 PUSH32 m_hash`,\n * sequence = 0) and one output (value 0, scriptPubKey = P2TR for\n * the signer's x-only pubkey).\n *\n * 3. Build a \"to_sign\" transaction that spends to_spend[0] and has a\n * single `OP_RETURN` output (value 0).\n *\n * 4. Compute the BIP-341 taproot sighash of to_sign input 0 with\n * SIGHASH_DEFAULT (0x00).\n *\n * 5. Verify the 64-byte Schnorr signature against the **tweaked**\n * output key `Q = P + tap_tweak(P) * G`, where `tap_tweak(P) =\n * hash_TapTweak(serialize_x_only(P))` (no merkle root — key-path\n * only).\n *\n * `bitcoinjs-lib` handles (2)–(4); `tiny-secp256k1-asmjs` provides\n * the tweak and Schnorr verify. Pulling in a full BIP-322 library\n * would add a peer dep for what amounts to ~40 lines of glue.\n *\n * @module tbv/core/clients/vault-provider/auth/bip322Verify\n */\n\nimport * as ecc from \"@bitcoin-js/tiny-secp256k1-asmjs\";\nimport { payments, Transaction } from \"bitcoinjs-lib\";\n\nimport { Buffer } from \"buffer\";\nimport { sha256 } from \"@noble/hashes/sha2.js\";\n\n/** BIP-322 message tag (BIP-340 tagged-hash style). */\nconst BIP322_TAG = \"BIP0322-signed-message\";\n\n/** BIP-341 taproot-tweak tag. */\nconst TAPTWEAK_TAG = \"TapTweak\";\n\nconst X_ONLY_PUBKEY_SIZE = 32;\nconst SCHNORR_SIG_SIZE = 64;\n\n/**\n * BIP-340 tagged hash: `SHA256( SHA256(tag) || SHA256(tag) || data )`.\n * Used for both BIP-322 message hashing and BIP-341 tap-tweak.\n */\nfunction taggedHash(tag: string, data: Uint8Array): Uint8Array {\n const tagBytes = new TextEncoder().encode(tag);\n const tagHash = sha256(tagBytes);\n const preimage = new Uint8Array(tagHash.length * 2 + data.length);\n preimage.set(tagHash, 0);\n preimage.set(tagHash, tagHash.length);\n preimage.set(data, tagHash.length * 2);\n return sha256(preimage);\n}\n\n/**\n * Apply BIP-341 taproot tweak to an x-only pubkey with no merkle\n * root (key-path-only address).\n *\n * `tap_tweak = hash_TapTweak(P)`\n * `Q = P + tap_tweak * G` (x-only, even-Y parity)\n *\n * Returns the tweaked 32-byte x-only pubkey, or null if the tweak\n * produces a point-at-infinity or invalid result.\n */\nfunction tweakXOnlyKey(xOnly: Uint8Array): Uint8Array | null {\n if (xOnly.length !== X_ONLY_PUBKEY_SIZE) return null;\n const tweak = taggedHash(TAPTWEAK_TAG, xOnly);\n const tweaked = ecc.xOnlyPointAddTweak(xOnly, tweak);\n return tweaked ? tweaked.xOnlyPubkey : null;\n}\n\n/**\n * Verify a BIP-322 \"simple\" P2TR key-path signature over an arbitrary\n * byte message.\n *\n * @internal Exposed only so the golden-vector test suite can pin the\n * verifier independently of `verifyServerIdentity`. Production callers\n * should use `verifyServerIdentity` from `./serverIdentity` instead.\n *\n * @param messageBytes - The bytes that were signed (e.g. a CBOR-encoded\n * payload). Not pre-hashed; this function applies\n * the BIP-322 tagged hash internally.\n * @param xOnlyPubkey - 32-byte x-only pubkey of the signer (pre-tweak).\n * @param signature - 64-byte raw Schnorr signature (BIP-340), as\n * emitted by a key-path witness with\n * SIGHASH_DEFAULT.\n * @returns `true` if the signature verifies against the address\n * derived from `xOnlyPubkey`; `false` otherwise.\n */\nexport function verifyBip322Simple(\n messageBytes: Uint8Array,\n xOnlyPubkey: Uint8Array,\n signature: Uint8Array,\n): boolean {\n if (xOnlyPubkey.length !== X_ONLY_PUBKEY_SIZE) return false;\n if (signature.length !== SCHNORR_SIG_SIZE) return false;\n\n // Any exception from the underlying crypto libraries (e.g. the\n // `Expected Point` error `tiny-secp256k1` throws when the supplied\n // 32 bytes don't represent a valid x-coordinate on secp256k1) is\n // treated as a verification failure rather than propagated — a\n // verifier MUST return a boolean, not raise.\n try {\n // Step 1: BIP-322 tagged hash of the message.\n const messageHash = taggedHash(BIP322_TAG, messageBytes);\n\n // Step 2: scriptPubKey for the signer's P2TR key-path-only address.\n // bitcoinjs-lib's `payments.p2tr({ internalPubkey })` computes the\n // tweak and produces the `OP_1 <tweaked_xonly>` output script.\n const p2tr = payments.p2tr({\n internalPubkey: Buffer.from(xOnlyPubkey),\n });\n if (!p2tr.output) return false;\n const scriptPubKey = p2tr.output;\n\n // Step 3: build to_spend virtual tx.\n //\n // NOTE: bitcoinjs-lib v6.x's `Transaction.addOutput` and\n // `hashForWitnessV1` are typed for `Satoshi` (a UInt53 number),\n // not `bigint`. Passing `BigInt(0)` triggers a typeforce\n // assertion in `addOutput` (\"Expected property '1' of type\n // Satoshi, got BigInt 0\") which our outer try/catch silently\n // turns into `verify -> false`. Use plain `0` everywhere.\n const ZERO_SATS = 0;\n const toSpend = new Transaction();\n toSpend.version = 0;\n toSpend.locktime = 0;\n // scriptSig: OP_0 (0x00) + OP_PUSHBYTES_32 (0x20) + message_hash (32B)\n const scriptSig = Buffer.concat([\n Buffer.from([0x00, 0x20]),\n Buffer.from(messageHash),\n ]);\n toSpend.addInput(\n Buffer.alloc(32, 0), // prev_txid = 0x0000...0000\n 0xffffffff, // prev_vout = 0xFFFFFFFF\n 0, // sequence = 0\n scriptSig,\n );\n toSpend.addOutput(scriptPubKey, ZERO_SATS);\n\n // Step 4: build to_sign virtual tx spending to_spend[0].\n const toSign = new Transaction();\n toSign.version = 0;\n toSign.locktime = 0;\n // Bitcoin txid in natural-byte (little-endian) form.\n const toSpendTxid = toSpend.getHash();\n toSign.addInput(toSpendTxid, 0, 0);\n toSign.addOutput(Buffer.from([0x6a]), ZERO_SATS); // OP_RETURN\n\n // Step 5: taproot sighash for to_sign input 0 (SIGHASH_DEFAULT).\n const sighash = toSign.hashForWitnessV1(\n 0,\n [scriptPubKey],\n [ZERO_SATS],\n Transaction.SIGHASH_DEFAULT,\n );\n\n // Step 6: tweak the x-only pubkey (no merkle root) and verify Schnorr.\n const tweakedXOnly = tweakXOnlyKey(xOnlyPubkey);\n if (!tweakedXOnly) return false;\n\n return ecc.verifySchnorr(sighash, tweakedXOnly, signature);\n } catch {\n return false;\n }\n}\n","/**\n * Minimal CBOR encoder for the server-identity payload shape.\n *\n * We only need to encode one specific CBOR structure — the 3-tuple\n * `(SERVER_IDENTITY_DOMAIN, ephemeral_pubkey_bytes, expires_at_u64)` —\n * byte-for-byte identical to what the Rust `ciborium` crate produces\n * for the corresponding tuple, because that's the exact message the\n * VP signs with BIP-322.\n *\n * IMPORTANT encoding quirk: the Rust side passes the domain and\n * pubkey as `&[u8]` / `Vec<u8>` without a `#[serde(with = \"serde_bytes\")]`\n * attribute, so serde/ciborium encodes them as **CBOR arrays of u8**\n * (major type 4, one item per byte) — NOT as CBOR byte strings (major\n * type 2). A naive byte-string encoding would produce the wrong bytes\n * and signature verification would fail.\n *\n * Rather than pull in a full CBOR dependency for this one shape, we\n * implement the exact subset inline (~40 LOC) and pin it with golden\n * vectors against the Rust reference output.\n *\n * @module tbv/core/clients/vault-provider/auth/cbor\n */\n\n/**\n * Encode a small CBOR unsigned-integer \"head\" byte for major type\n * `major` (0..7) with argument `arg` (0..2^64-1).\n *\n * Returns the header bytes; the caller concatenates any trailing data\n * (e.g. array elements). Encoding rules:\n * arg < 24 → single byte `(major << 5) | arg`\n * arg < 256 → `(major << 5) | 24` + 1-byte arg\n * arg < 65536 → `(major << 5) | 25` + 2-byte BE arg\n * arg < 2^32 → `(major << 5) | 26` + 4-byte BE arg\n * arg < 2^64 → `(major << 5) | 27` + 8-byte BE arg\n */\nfunction cborHead(major: number, arg: number | bigint): Uint8Array {\n const tag = (major & 0x07) << 5;\n const n = typeof arg === \"bigint\" ? arg : BigInt(arg);\n if (n < 0n) throw new Error(\"cborHead: negative argument\");\n\n if (n < 24n) return new Uint8Array([tag | Number(n)]);\n if (n < 0x100n) return new Uint8Array([tag | 24, Number(n)]);\n if (n < 0x10000n) {\n const v = Number(n);\n return new Uint8Array([tag | 25, (v >>> 8) & 0xff, v & 0xff]);\n }\n if (n < 0x1_0000_0000n) {\n const v = Number(n);\n return new Uint8Array([\n tag | 26,\n (v >>> 24) & 0xff,\n (v >>> 16) & 0xff,\n (v >>> 8) & 0xff,\n v & 0xff,\n ]);\n }\n // 8-byte BE for u64 range\n const out = new Uint8Array(9);\n out[0] = tag | 27;\n for (let i = 7; i >= 0; i--) {\n out[1 + i] = Number(n >> BigInt((7 - i) * 8)) & 0xff;\n }\n return out;\n}\n\nfunction concat(...parts: Uint8Array[]): Uint8Array {\n const total = parts.reduce((s, p) => s + p.length, 0);\n const out = new Uint8Array(total);\n let offset = 0;\n for (const p of parts) {\n out.set(p, offset);\n offset += p.length;\n }\n return out;\n}\n\n/**\n * Encode a `Vec<u8>` / `&[u8]` the way ciborium does by default — as a\n * CBOR array of u8 (major type 4), one element per byte.\n *\n * Each byte becomes a CBOR unsigned integer (major type 0): bytes\n * < 24 are encoded as single bytes, bytes 24..255 as `0x18 XX`.\n */\nfunction encodeBytesAsArrayOfU8(bytes: Uint8Array): Uint8Array {\n const header = cborHead(4, bytes.length);\n const items: Uint8Array[] = [header];\n for (const b of bytes) {\n items.push(cborHead(0, b));\n }\n return concat(...items);\n}\n\n/**\n * Encode the server-identity payload the Rust side signs:\n *\n * ciborium::into_writer(\n * &(SERVER_IDENTITY_DOMAIN, ephemeral_pubkey.serialize().to_vec(), expires_at),\n * buf\n * )\n *\n * Output bytes are byte-for-byte identical to the Rust reference,\n * pinned by the golden vector in the corresponding test file.\n *\n * @internal Exposed only for the golden-vector test that pins this\n * encoding against ciborium's output. Production callers reach this\n * via `verifyServerIdentity` from `./serverIdentity`.\n *\n * @param domain - Must be `\"btc-auth.server-identity.v1\"` (27 bytes)\n * — the constant from btc-vault's `server_identity.rs`.\n * @param ephemeralPubkeyCompressed - 33-byte SEC1-compressed pubkey.\n * @param expiresAt - Unix timestamp (seconds). Must be a safe integer.\n */\nexport function encodeServerIdentityPayload(\n domain: Uint8Array,\n ephemeralPubkeyCompressed: Uint8Array,\n expiresAt: number,\n): Uint8Array {\n if (!Number.isSafeInteger(expiresAt) || expiresAt < 0) {\n throw new Error(\n `encodeServerIdentityPayload: expires_at must be a non-negative safe integer, got ${expiresAt}`,\n );\n }\n const arrayHeader = cborHead(4, 3); // 3-tuple encoded as array of 3\n const domainBytes = encodeBytesAsArrayOfU8(domain);\n const pubkeyBytes = encodeBytesAsArrayOfU8(ephemeralPubkeyCompressed);\n const expiresAtBytes = cborHead(0, expiresAt);\n return concat(arrayHeader, domainBytes, pubkeyBytes, expiresAtBytes);\n}\n","/**\n * Server-identity verification for the vault provider's\n * `auth_createDepositorToken` response.\n *\n * The VP returns a `ServerIdentityResponse` bundled with every issued\n * token:\n *\n * - `server_pubkey`: VP's persistent x-only pubkey (HEX, 32B)\n * - `ephemeral_pubkey`: VP's ephemeral token-signing key (HEX, 33B compressed)\n * - `expires_at`: Unix timestamp when the ephemeral key expires\n * - `signature`: BIP-322 signature by the persistent key over\n * `(SERVER_IDENTITY_DOMAIN, ephemeral_pubkey, expires_at)`\n *\n * The FE pins `server_pubkey` against the on-chain `VaultProvider.btcPubKey`\n * it reads from the registry contract. A mismatch rejects the token.\n *\n * @module tbv/core/clients/vault-provider/auth/serverIdentity\n */\n\nimport * as ecc from \"@bitcoin-js/tiny-secp256k1-asmjs\";\n\nimport {\n COMPRESSED_PUBKEY_HEX_LEN,\n SCHNORR_SIG_HEX_LEN,\n stripHexPrefix,\n X_ONLY_PUBKEY_HEX_LEN,\n} from \"../../../primitives/utils/bitcoin\";\nimport { HEX_RE } from \"../../../utils/validation\";\n\nimport { verifyBip322Simple } from \"./bip322Verify\";\nimport { encodeServerIdentityPayload } from \"./cbor\";\n\n/**\n * Byte-string domain the btc-vault Rust reference passes as the first\n * element of the CBOR tuple signed over for server-identity proofs.\n * Must match `SERVER_IDENTITY_DOMAIN` in\n * `btc-vault/crates/btc-auth/src/server_identity.rs`.\n */\nconst SERVER_IDENTITY_DOMAIN = new TextEncoder().encode(\n \"btc-auth.server-identity.v1\",\n);\n\n/**\n * Wire representation from btc-vault's `ServerIdentityResponse`.\n */\nexport interface ServerIdentityResponse {\n /** Hex-encoded x-only (32-byte) persistent server pubkey. */\n server_pubkey: string;\n /** Hex-encoded compressed (33-byte) ephemeral token-signing pubkey. */\n ephemeral_pubkey: string;\n /** Unix timestamp at which the ephemeral key expires. */\n expires_at: number;\n /** Hex-encoded 64-byte BIP-322 Schnorr signature. */\n signature: string;\n}\n\nexport interface VerifyServerIdentityInput {\n /** The proof returned by `auth_createDepositorToken`. */\n proof: ServerIdentityResponse;\n /**\n * The x-only persistent server pubkey the FE expects (sourced from\n * the on-chain `VaultProvider.btcPubKey` via the vault registry\n * reader). 64-char lowercase hex, no `0x` prefix.\n */\n pinnedServerPubkey: string;\n /** Current Unix timestamp in seconds. Injected for testability. */\n now: number;\n}\n\nexport class ServerIdentityError extends Error {\n constructor(\n message: string,\n public readonly reason:\n | \"pinned_pubkey_mismatch\"\n | \"expired\"\n | \"invalid_expires_at\"\n | \"invalid_pubkey_encoding\"\n | \"invalid_ephemeral_pubkey\"\n | \"invalid_signature_encoding\"\n | \"signature_verification_failed\",\n ) {\n super(message);\n this.name = \"ServerIdentityError\";\n }\n}\n\n/** Parse a lowercase-hex string to bytes. Expects even length, already validated. */\nfunction hexToBytes(hex: string): Uint8Array {\n const out = new Uint8Array(hex.length / 2);\n for (let i = 0; i < out.length; i++) {\n out[i] = parseInt(hex.slice(i * 2, i * 2 + 2), 16);\n }\n return out;\n}\n\n\n/**\n * Verify a server identity proof against a pinned server pubkey.\n *\n * Checks:\n * 1. `server_pubkey` matches the pin.\n * 2. `expires_at > now` (with integer guards).\n * 3. `ephemeral_pubkey` is a well-formed 33-byte compressed pubkey.\n * 4. `signature` is a well-formed 64-byte Schnorr hex string.\n * 5. The BIP-322 Schnorr signature cryptographically verifies\n * against `server_pubkey` over the CBOR-encoded tuple\n * `(SERVER_IDENTITY_DOMAIN, ephemeral_pubkey, expires_at)`.\n *\n * Step 5 is what actually binds the ephemeral key to the persistent\n * pubkey — without it, a TLS-MITM attacker who reads the pinned\n * pubkey from the on-chain registry could substitute an arbitrary\n * ephemeral pubkey paired with any lexically-valid signature.\n *\n * @throws ServerIdentityError on any validation failure.\n */\nexport function verifyServerIdentity(input: VerifyServerIdentityInput): void {\n const { proof, pinnedServerPubkey, now } = input;\n\n const pinned = stripHexPrefix(pinnedServerPubkey).toLowerCase();\n if (pinned.length !== X_ONLY_PUBKEY_HEX_LEN || !HEX_RE.test(pinned)) {\n throw new ServerIdentityError(\n `pinnedServerPubkey must be 32-byte hex; got ${pinned.length} chars`,\n \"invalid_pubkey_encoding\",\n );\n }\n\n const actual = stripHexPrefix(proof.server_pubkey).toLowerCase();\n if (actual.length !== X_ONLY_PUBKEY_HEX_LEN || !HEX_RE.test(actual)) {\n throw new ServerIdentityError(\n `server_pubkey must be 32-byte hex; got ${actual.length} chars`,\n \"invalid_pubkey_encoding\",\n );\n }\n\n if (actual !== pinned) {\n throw new ServerIdentityError(\n `server_pubkey does not match pinned value: expected ${pinned}, got ${actual}`,\n \"pinned_pubkey_mismatch\",\n );\n }\n\n // Validate both sides of the comparison are well-formed integers\n // BEFORE comparing — untrusted JSON-RPC input can supply\n // undefined/NaN/string values for `expires_at`, and relational\n // comparisons with those silently evaluate to `false` (accepting the\n // proof). Caller's `now` is injected but we still sanity-check it.\n // Garbage data and \"valid but past\" both render the proof unusable\n // but mean different things to a caller — keep the reasons distinct.\n if (!Number.isSafeInteger(proof.expires_at)) {\n throw new ServerIdentityError(\n `expires_at must be a finite integer; got ${JSON.stringify(proof.expires_at)}`,\n \"invalid_expires_at\",\n );\n }\n if (!Number.isSafeInteger(now)) {\n throw new ServerIdentityError(\n `now must be a finite integer; got ${JSON.stringify(now)}`,\n \"invalid_expires_at\",\n );\n }\n if (proof.expires_at <= now) {\n throw new ServerIdentityError(\n `server identity proof expired at ${proof.expires_at}, now ${now}`,\n \"expired\",\n );\n }\n\n const eph = stripHexPrefix(proof.ephemeral_pubkey).toLowerCase();\n if (eph.length !== COMPRESSED_PUBKEY_HEX_LEN || !HEX_RE.test(eph)) {\n throw new ServerIdentityError(\n `ephemeral_pubkey must be 33-byte compressed hex; got ${eph.length} chars`,\n \"invalid_ephemeral_pubkey\",\n );\n }\n const prefix = eph.slice(0, 2);\n if (prefix !== \"02\" && prefix !== \"03\") {\n throw new ServerIdentityError(\n `ephemeral_pubkey must be compressed (prefix 02/03); got ${prefix}`,\n \"invalid_ephemeral_pubkey\",\n );\n }\n // Curve validation. The BIP-322 signature attests to the byte string\n // of `ephemeral_pubkey` only, not to its curve validity. Without\n // this check, a server could sign a structurally-valid byte string\n // that doesn't decode to a secp256k1 point — passing verification\n // here and surfacing as an obscure crypto error later when the\n // depositor tries to use the key. Reject up front.\n const ephBytes = hexToBytes(eph);\n if (!ecc.isPoint(ephBytes)) {\n throw new ServerIdentityError(\n \"ephemeral_pubkey is not a valid secp256k1 point\",\n \"invalid_ephemeral_pubkey\",\n );\n }\n\n const sig = stripHexPrefix(proof.signature).toLowerCase();\n if (sig.length !== SCHNORR_SIG_HEX_LEN || !HEX_RE.test(sig)) {\n throw new ServerIdentityError(\n `signature must be 64-byte Schnorr hex; got ${sig.length} chars`,\n \"invalid_signature_encoding\",\n );\n }\n\n // Cryptographic verification of the BIP-322 signature over the\n // CBOR-encoded payload. Without this, the ephemeral-key binding is\n // unenforced and a TLS-MITM could substitute a fake ephemeral key\n // alongside the real (publicly-readable) pinned pubkey.\n const payload = encodeServerIdentityPayload(\n SERVER_IDENTITY_DOMAIN,\n hexToBytes(eph),\n proof.expires_at,\n );\n const verified = verifyBip322Simple(payload, hexToBytes(actual), hexToBytes(sig));\n if (!verified) {\n throw new ServerIdentityError(\n \"BIP-322 signature verification failed — ephemeral key is not attested by pinned server pubkey\",\n \"signature_verification_failed\",\n );\n }\n}\n","/**\n * VP RPC methods that require `Authorization: Bearer <token>`.\n * Protocol invariant — must be kept in sync with the VP server.\n *\n * @stability frozen\n *\n * @module tbv/core/clients/vault-provider/auth/gatedMethods\n */\n\nexport const AUTH_GATED_METHODS: ReadonlySet<string> = new Set([\n \"vaultProvider_submitDepositorWotsKey\",\n \"vaultProvider_submitDepositorPresignatures\",\n \"vaultProvider_requestDepositorPresignTransactions\",\n]);\n","/**\n * Shared internals for the unauthenticated token-issuing JSON-RPC\n * client. The \"inner\" client is dedicated to `auth_createDepositorToken`\n * — it MUST NOT carry a `tokenProvider`, else the JSON-RPC header\n * builder would recurse into token acquisition.\n *\n * @module tbv/core/clients/vault-provider/auth/innerTokenClient\n */\n\nimport { JsonRpcClient } from \"../json-rpc-client\";\n\nconst TOKEN_RPC_TIMEOUT_MS = 60_000;\n\nexport const TOKEN_ISSUE_METHOD = \"auth_createDepositorToken\";\n\nexport function buildInnerTokenClient(\n baseUrl: string,\n headers?: Record<string, string>,\n): JsonRpcClient {\n return new JsonRpcClient({\n baseUrl,\n timeout: TOKEN_RPC_TIMEOUT_MS,\n headers,\n retryableFor: (method) => method === TOKEN_ISSUE_METHOD,\n });\n}\n","/**\n * `VpTokenProvider` — caches CWT bearer tokens issued by the vault\n * provider's `auth_createDepositorToken` RPC, with lazy expiry check\n * and single-flight concurrent acquire.\n *\n * Usage:\n *\n * ```ts\n * const provider = new VpTokenProvider({\n * client,\n * peginTxid,\n * authAnchorHex,\n * pinnedServerPubkey,\n * authGatedMethods,\n * });\n * const bearer = await provider.getToken(method); // null if not gated\n * ```\n *\n * The provider implements the `BearerTokenProvider` interface expected\n * by `JsonRpcClient`. Plug directly:\n *\n * ```ts\n * const client = new JsonRpcClient({ ..., tokenProvider: provider });\n * ```\n *\n * @module tbv/core/clients/vault-provider/auth/tokenProvider\n */\n\nimport type { OnChainBtcPubkey } from \"../../eth/types\";\nimport type { BearerTokenProvider, JsonRpcClient } from \"../json-rpc-client\";\nimport { TOKEN_ISSUE_METHOD } from \"./innerTokenClient\";\nimport {\n type ServerIdentityResponse,\n verifyServerIdentity,\n} from \"./serverIdentity\";\n\n/**\n * Maximum reasonable `expires_at` value (seconds since epoch). Guards\n * against a bogus far-future timestamp that would lock the cache on a\n * bad token forever. Jan 1, 2100 in Unix seconds.\n */\nconst MAX_EXPIRES_AT_SECS = 4_102_444_800;\n\n/**\n * Default safety margin before `expires_at` — we treat a token as\n * expired this many seconds before its stated expiry so that in-flight\n * requests don't race the expiry boundary.\n */\nconst DEFAULT_REFRESH_SKEW_SECS = 30;\n\n/**\n * Wire response shape of `auth_createDepositorToken`.\n */\nexport interface CreateDepositorTokenResponse {\n /** Base64url-encoded COSE Sign1 CWT bearer token. */\n token: string;\n /** Unix timestamp at which the token expires. */\n expires_at: number;\n /** Server identity proof bundled with every token response. */\n server_identity: ServerIdentityResponse;\n}\n\nexport interface VpTokenProviderConfig {\n client: JsonRpcClient;\n /** Per-vault depositor-signed PegIn tx id. NOT shared across sibling vaults in a batch. */\n peginTxid: string;\n /** 64-char hex of the 32-byte OP_RETURN auth-anchor preimage. */\n authAnchorHex: string;\n /** Pinned VP pubkey from the on-chain registry; branded so indexer mirrors can't substitute. */\n pinnedServerPubkey: OnChainBtcPubkey;\n /** Methods that require a bearer; `getToken` returns `null` for anything outside this set. */\n authGatedMethods: ReadonlySet<string>;\n /** Default {@link DEFAULT_REFRESH_SKEW_SECS}. */\n refreshSkewSecs?: number;\n /** Clock source for testability. */\n now?: () => number;\n}\n\ninterface CachedToken {\n token: string;\n expiresAt: number;\n}\n\n/**\n * Acquire, cache, and refresh VP bearer tokens.\n *\n * Implements {@link BearerTokenProvider}. Safe to pass directly into\n * `JsonRpcClient` as `tokenProvider`.\n */\nexport class VpTokenProvider implements BearerTokenProvider {\n // `client` is the only mutable field — see `setClient`. The\n // identity-bearing fields (peginTxid/authAnchorHex/pinnedServerPubkey)\n // remain readonly and are checked against re-registration in the\n // registry's `getOrCreate`.\n private client: JsonRpcClient;\n private readonly peginTxid: string;\n private readonly authAnchorHex: string;\n private readonly pinnedServerPubkey: OnChainBtcPubkey;\n private readonly authGatedMethods: ReadonlySet<string>;\n private readonly refreshSkewSecs: number;\n private readonly now: () => number;\n\n private cached: CachedToken | null = null;\n private inFlight: Promise<CachedToken> | null = null;\n\n constructor(config: VpTokenProviderConfig) {\n this.client = config.client;\n this.peginTxid = config.peginTxid;\n this.authAnchorHex = config.authAnchorHex;\n this.pinnedServerPubkey = config.pinnedServerPubkey;\n this.authGatedMethods = config.authGatedMethods;\n this.refreshSkewSecs = config.refreshSkewSecs ?? DEFAULT_REFRESH_SKEW_SECS;\n this.now = config.now ?? (() => Math.floor(Date.now() / 1000));\n }\n\n /**\n * Return a bearer token for `method`, or `null` if `method` is not\n * auth-gated. Triggers a token acquisition if no token is cached or\n * the cached token is within {@link refreshSkewSecs} of expiry.\n *\n * The token-issuing method itself is hard-exempted from the gate —\n * if `auth_createDepositorToken` were ever included in\n * `authGatedMethods` (caller misconfiguration) the provider would\n * recurse into `acquireSingleFlight` from inside the JSON-RPC header\n * builder before `inFlight` is assigned, defeating the single-flight\n * guard. Returning `null` here breaks that recursion deterministically.\n */\n async getToken(method: string): Promise<string | null> {\n if (method === TOKEN_ISSUE_METHOD) return null;\n if (!this.authGatedMethods.has(method)) return null;\n\n const cached = this.cached;\n if (cached && this.now() + this.refreshSkewSecs < cached.expiresAt) {\n return cached.token;\n }\n\n const fresh = await this.acquireSingleFlight();\n return fresh.token;\n }\n\n /**\n * Drop the cached token. Next `getToken` call re-acquires.\n * Called by `JsonRpcClient` on wire `auth_expired` responses.\n */\n invalidate(): void {\n this.cached = null;\n // Do NOT clear `inFlight` — a concurrent acquire is still valid;\n // the invalidator is saying \"the cached token is bad\", not \"any\n // in-flight acquire is bad\". The in-flight acquire will populate\n // a fresh `cached` on completion.\n }\n\n /**\n * Swap in a different transport for subsequent token-issuing calls.\n * Used by the registry when a later caller registers the same\n * `peginTxid` against a different `baseUrl` — the cached token\n * (bound to identity, not transport) stays valid, but future\n * refreshes hit the new URL. An in-flight acquire keeps using the\n * old client (it captured the reference); next call uses the new.\n */\n setClient(client: JsonRpcClient): void {\n this.client = client;\n }\n\n private acquireSingleFlight(): Promise<CachedToken> {\n const existing = this.inFlight;\n if (existing) return existing;\n\n const p = (async () => {\n try {\n const response = await this.client.call<\n { pegin_txid: string; auth_anchor: string },\n CreateDepositorTokenResponse\n >(TOKEN_ISSUE_METHOD, {\n pegin_txid: this.peginTxid,\n auth_anchor: this.authAnchorHex,\n });\n\n verifyServerIdentity({\n proof: response.server_identity,\n pinnedServerPubkey: this.pinnedServerPubkey,\n now: this.now(),\n });\n\n // Validate wire payload before caching so a malformed response\n // from a compromised VP or proxy can't poison the cache with\n // unusable values (non-string token, non-integer expiry, etc.).\n if (typeof response.token !== \"string\" || response.token.length === 0) {\n throw new Error(\n `VpTokenProvider: invalid token in acquire response (expected non-empty string, got ${typeof response.token})`,\n );\n }\n const now = this.now();\n if (\n !Number.isSafeInteger(response.expires_at) ||\n response.expires_at <= now ||\n response.expires_at > MAX_EXPIRES_AT_SECS\n ) {\n throw new Error(\n `VpTokenProvider: invalid expires_at in acquire response (got ${JSON.stringify(response.expires_at)}; must be a safe integer in (${now}, ${MAX_EXPIRES_AT_SECS}])`,\n );\n }\n\n const fresh: CachedToken = {\n token: response.token,\n expiresAt: response.expires_at,\n };\n this.cached = fresh;\n return fresh;\n } finally {\n this.inFlight = null;\n }\n })();\n\n this.inFlight = p;\n return p;\n }\n}\n","/**\n * In-memory registry of {@link VpTokenProvider} instances keyed by\n * the per-vault depositor-signed PegIn tx hash. Module-level\n * singleton, per-tab, never persisted.\n *\n * @module tbv/core/clients/vault-provider/auth/tokenRegistry\n */\n\nimport type { OnChainBtcPubkey } from \"../../eth/types\";\nimport type { JsonRpcClient } from \"../json-rpc-client\";\n\nimport { AUTH_GATED_METHODS } from \"./gatedMethods\";\nimport { VpTokenProvider } from \"./tokenProvider\";\n\nexport interface VpTokenRegistryInput {\n client: JsonRpcClient;\n peginTxid: string;\n authAnchorHex: string;\n pinnedServerPubkey: OnChainBtcPubkey;\n}\n\ninterface RegistryEntry {\n provider: VpTokenProvider;\n authAnchorHex: string;\n pinnedServerPubkey: OnChainBtcPubkey;\n}\n\nexport class VpTokenRegistry {\n private readonly entries = new Map<string, RegistryEntry>();\n\n /**\n * Return the cached `VpTokenProvider` for `peginTxid` if one exists\n * with matching `authAnchorHex` and `pinnedServerPubkey`, otherwise\n * construct and cache a fresh provider. A mismatch on either field\n * throws — silent overwrite would mask derivation drift or VP\n * pubkey rotation.\n */\n getOrCreate(input: VpTokenRegistryInput): VpTokenProvider {\n const existing = this.entries.get(input.peginTxid);\n if (existing) {\n if (existing.authAnchorHex !== input.authAnchorHex) {\n throw new Error(\n `VpTokenRegistry: peginTxid ${input.peginTxid} already bound to authAnchorHex ${existing.authAnchorHex.slice(0, 8)}…; got ${input.authAnchorHex.slice(0, 8)}…`,\n );\n }\n if (existing.pinnedServerPubkey !== input.pinnedServerPubkey) {\n throw new Error(\n `VpTokenRegistry: peginTxid ${input.peginTxid} already bound to pinnedServerPubkey ${existing.pinnedServerPubkey.slice(0, 8)}…; got ${input.pinnedServerPubkey.slice(0, 8)}…`,\n );\n }\n // Refresh the inner transport on every reuse so a VP URL\n // change between calls doesn't leave the cached provider\n // pinned to a dead URL for token refresh.\n existing.provider.setClient(input.client);\n return existing.provider;\n }\n\n const provider = new VpTokenProvider({\n client: input.client,\n peginTxid: input.peginTxid,\n authAnchorHex: input.authAnchorHex,\n pinnedServerPubkey: input.pinnedServerPubkey,\n authGatedMethods: AUTH_GATED_METHODS,\n });\n this.entries.set(input.peginTxid, {\n provider,\n authAnchorHex: input.authAnchorHex,\n pinnedServerPubkey: input.pinnedServerPubkey,\n });\n return provider;\n }\n\n /** Return the cached provider, or `undefined` if none. */\n peek(peginTxid: string): VpTokenProvider | undefined {\n return this.entries.get(peginTxid)?.provider;\n }\n\n /**\n * Evict the entry for `peginTxid`. Idempotent. Called on terminal\n * paths — activation success, user-cancel, or component unmount —\n * so `authAnchorHex` doesn't outlive the deposit session.\n */\n release(peginTxid: string): void {\n this.entries.delete(peginTxid);\n }\n\n /**\n * Wipe every cached entry. Test-only escape hatch — not exposed on\n * the public {@link VpTokenRegistryPublic} singleton type.\n *\n * @internal\n */\n clear(): void {\n this.entries.clear();\n }\n\n get size(): number {\n return this.entries.size;\n }\n}\n\n/**\n * Public surface of the singleton — excludes the test-only `clear`\n * method.\n */\nexport interface VpTokenRegistryPublic {\n getOrCreate(input: VpTokenRegistryInput): VpTokenProvider;\n peek(peginTxid: string): VpTokenProvider | undefined;\n release(peginTxid: string): void;\n readonly size: number;\n}\n\nexport const vpTokenRegistry: VpTokenRegistryPublic = new VpTokenRegistry();\n","/**\n * Build a {@link VaultProviderRpcClient} that auto-attaches CWT\n * bearer tokens on auth-gated methods. Caller pre-derives both the\n * `authAnchorHex` (from the wallet) and the `pinnedServerPubkey`\n * (from the on-chain registry) and hands them in — the SDK has no\n * notion of wallets here.\n *\n * @module tbv/core/clients/vault-provider/auth/createAuthenticatedVpClient\n */\n\nimport type { OnChainBtcPubkey } from \"../../eth/types\";\nimport {\n VaultProviderRpcClient,\n type VaultProviderRpcClientOptions,\n} from \"../api\";\n\nimport { buildInnerTokenClient } from \"./innerTokenClient\";\nimport { vpTokenRegistry } from \"./tokenRegistry\";\n\nexport interface AuthenticatedVpClientConfig {\n /** Base URL of the VP RPC endpoint (already proxied if applicable). */\n baseUrl: string;\n /** Per-vault depositor-signed PegIn tx id (registry cache key). */\n peginTxid: string;\n /** Already-derived 32-byte auth-anchor preimage (64-char hex, no `0x`). */\n authAnchorHex: string;\n /** On-chain VP pubkey, branded so it can only come from the registry reader. */\n pinnedServerPubkey: OnChainBtcPubkey;\n /** Optional outer-client tunables (timeout, retries, headers, etc.). */\n options?: VaultProviderRpcClientOptions;\n}\n\nexport function createAuthenticatedVpClient(\n config: AuthenticatedVpClientConfig,\n): VaultProviderRpcClient {\n const innerTokenClient = buildInnerTokenClient(\n config.baseUrl,\n config.options?.headers,\n );\n\n const tokenProvider = vpTokenRegistry.getOrCreate({\n client: innerTokenClient,\n peginTxid: config.peginTxid,\n authAnchorHex: config.authAnchorHex,\n pinnedServerPubkey: config.pinnedServerPubkey,\n });\n\n return new VaultProviderRpcClient(config.baseUrl, {\n ...config.options,\n tokenProvider,\n });\n}\n","/**\n * Pre-populate {@link vpTokenRegistry} when the caller already has\n * both the auth-anchor preimage and the on-chain VP pubkey. Seeds\n * the cache for a `peginTxid` so a later `createAuthenticatedVpClient`\n * call reuses the cached `VpTokenProvider` instead of rebuilding it.\n *\n * @module tbv/core/clients/vault-provider/auth/primeVpAuth\n */\n\nimport type { OnChainBtcPubkey } from \"../../eth/types\";\n\nimport { buildInnerTokenClient } from \"./innerTokenClient\";\nimport { vpTokenRegistry } from \"./tokenRegistry\";\n\nexport interface PrimeVpAuthInput {\n baseUrl: string;\n peginTxid: string;\n authAnchorHex: string;\n pinnedServerPubkey: OnChainBtcPubkey;\n /** Optional headers forwarded to the inner token client (e.g. gateway auth). */\n headers?: Record<string, string>;\n}\n\nexport function primeVpTokenRegistry(input: PrimeVpAuthInput): void {\n vpTokenRegistry.getOrCreate({\n client: buildInnerTokenClient(input.baseUrl, input.headers),\n peginTxid: input.peginTxid,\n authAnchorHex: input.authAnchorHex,\n pinnedServerPubkey: input.pinnedServerPubkey,\n });\n}\n","/**\n * Contract Address Resolver\n *\n * Resolves ProtocolParams and ApplicationRegistry contract addresses\n * from the BTCVaultRegistry contract. These addresses are needed to\n * construct the SDK's contract readers.\n *\n * @module clients/eth/contract-address-resolver\n */\n\nimport type { Address, PublicClient } from \"viem\";\n\nimport { BTCVaultRegistryABI } from \"../../contracts/abis/BTCVaultRegistry.abi\";\n\nexport interface ProtocolAddresses {\n /** Address of the ProtocolParams contract */\n protocolParams: Address;\n /** Address of the ApplicationRegistry contract */\n applicationRegistry: Address;\n}\n\n/**\n * Resolve ProtocolParams and ApplicationRegistry addresses from BTCVaultRegistry.\n *\n * Uses a single multicall for atomicity and efficiency.\n *\n * @param publicClient - viem PublicClient instance\n * @param btcVaultRegistryAddress - Address of the BTCVaultRegistry contract\n * @returns Resolved contract addresses\n */\nexport async function resolveProtocolAddresses(\n publicClient: PublicClient,\n btcVaultRegistryAddress: Address,\n): Promise<ProtocolAddresses> {\n const [protocolParams, applicationRegistry] = await publicClient.multicall({\n contracts: [\n {\n address: btcVaultRegistryAddress,\n abi: BTCVaultRegistryABI,\n functionName: \"protocolParams\",\n },\n {\n address: btcVaultRegistryAddress,\n abi: BTCVaultRegistryABI,\n functionName: \"applicationRegistry\",\n },\n ],\n allowFailure: false,\n });\n\n return {\n protocolParams: protocolParams as Address,\n applicationRegistry: applicationRegistry as Address,\n };\n}\n","/**\n * Concrete ProtocolParams reader using viem's readContract and multicall.\n *\n * This is an optional utility — callers can use their own implementation\n * of the ProtocolParamsReader interface.\n */\n\nimport type { Address, Hex, PublicClient } from \"viem\";\n\nimport { ProtocolParamsABI } from \"../../contracts/abis/ProtocolParams.abi\";\nimport type {\n PegInConfiguration,\n ProtocolParamsReader,\n TBVProtocolParams,\n VersionedOffchainParams,\n} from \"./types\";\n\n/**\n * Maximum value for a Solidity uint16.\n * PeginLogic.sol casts timelockAssert to uint16, so values above this are invalid.\n */\nconst UINT16_MAX = 65535;\n\n/**\n * Raw shape viem returns for VersionedOffchainParams struct.\n * viem resolves ABI struct outputs to named objects (not tuples).\n */\ninterface RawOffchainParams {\n timelockAssert: bigint;\n timelockChallengeAssert: bigint;\n securityCouncilKeys: readonly Hex[];\n councilQuorum: number;\n feeRate: bigint;\n babeTotalInstances: number;\n babeInstancesToFinalize: number;\n minVpCommissionBps: number;\n tRefund: number;\n tStale: number;\n minPeginFeeRate: bigint;\n proverProgramVersion: number;\n minPrepeginDepth: number;\n}\n\n/** Raw shape viem returns for TBVProtocolParams struct. */\ninterface RawTBVParams {\n minimumPegInAmount: bigint;\n maxPegInAmount: bigint;\n pegInAckTimeout: bigint;\n pegInActivationTimeout: bigint;\n maxHtlcOutputCount: number;\n}\n\n/** Map viem struct result to VersionedOffchainParams. */\nfunction mapOffchainParams(result: RawOffchainParams): VersionedOffchainParams {\n return {\n timelockAssert: result.timelockAssert,\n timelockChallengeAssert: result.timelockChallengeAssert,\n securityCouncilKeys: [...result.securityCouncilKeys],\n councilQuorum: result.councilQuorum,\n feeRate: result.feeRate,\n babeTotalInstances: result.babeTotalInstances,\n babeInstancesToFinalize: result.babeInstancesToFinalize,\n minVpCommissionBps: result.minVpCommissionBps,\n tRefund: result.tRefund,\n tStale: result.tStale,\n minPeginFeeRate: result.minPeginFeeRate,\n proverProgramVersion: result.proverProgramVersion,\n minPrepeginDepth: result.minPrepeginDepth,\n };\n}\n\n/** Map viem struct result to TBVProtocolParams. */\nfunction mapTBVParams(result: RawTBVParams): TBVProtocolParams {\n return {\n minimumPegInAmount: result.minimumPegInAmount,\n maxPegInAmount: result.maxPegInAmount,\n pegInAckTimeout: result.pegInAckTimeout,\n pegInActivationTimeout: result.pegInActivationTimeout,\n maxHtlcOutputCount: result.maxHtlcOutputCount,\n };\n}\n\n/**\n * Derive timelockPegin from timelockAssert.\n *\n * Matches PeginLogic.sol: `uint16(timelockAssert)`.\n * The contract validates `timelockAssert <= type(uint16).max` on write,\n * but we enforce the same bound here to reject invalid values early\n * rather than silently truncating.\n *\n * @throws if timelockAssert exceeds uint16 max (65535)\n */\nfunction deriveTimelockPegin(timelockAssert: bigint): number {\n if (timelockAssert > BigInt(UINT16_MAX)) {\n throw new Error(\n `timelockAssert value ${timelockAssert} exceeds uint16 max (${UINT16_MAX})`,\n );\n }\n return Number(timelockAssert);\n}\n\n/**\n * Concrete protocol params reader using viem.\n *\n * Usage:\n * ```ts\n * const reader = new ViemProtocolParamsReader(publicClient, protocolParamsAddress);\n * const config = await reader.getPegInConfiguration();\n * ```\n */\nexport class ViemProtocolParamsReader implements ProtocolParamsReader {\n constructor(\n private publicClient: PublicClient,\n private contractAddress: Address,\n ) {}\n\n async getTBVProtocolParams(): Promise<TBVProtocolParams> {\n const result = (await this.publicClient.readContract({\n address: this.contractAddress,\n abi: ProtocolParamsABI,\n functionName: \"getTBVProtocolParams\",\n })) as RawTBVParams;\n\n return mapTBVParams(result);\n }\n\n async getLatestOffchainParams(): Promise<VersionedOffchainParams> {\n const result = (await this.publicClient.readContract({\n address: this.contractAddress,\n abi: ProtocolParamsABI,\n functionName: \"getLatestOffchainParams\",\n })) as RawOffchainParams;\n\n return mapOffchainParams(result);\n }\n\n async getOffchainParamsByVersion(\n version: number,\n ): Promise<VersionedOffchainParams> {\n const result = (await this.publicClient.readContract({\n address: this.contractAddress,\n abi: ProtocolParamsABI,\n functionName: \"getOffchainParamsByVersion\",\n args: [version],\n })) as RawOffchainParams;\n\n return mapOffchainParams(result);\n }\n\n async getLatestOffchainParamsVersion(): Promise<number> {\n const result = (await this.publicClient.readContract({\n address: this.contractAddress,\n abi: ProtocolParamsABI,\n functionName: \"latestOffchainParamsVersion\",\n })) as number;\n\n return result;\n }\n\n async getTimelockPeginByVersion(version: number): Promise<number> {\n const params = await this.getOffchainParamsByVersion(version);\n return deriveTimelockPegin(params.timelockAssert);\n }\n\n /**\n * Read TBV protocol params and latest offchain params atomically via multicall.\n * Prevents TOCTOU inconsistency if governance updates params between reads.\n */\n async getPegInConfiguration(): Promise<PegInConfiguration> {\n const results = await this.publicClient.multicall({\n contracts: [\n {\n address: this.contractAddress,\n abi: ProtocolParamsABI,\n functionName: \"getTBVProtocolParams\",\n },\n {\n address: this.contractAddress,\n abi: ProtocolParamsABI,\n functionName: \"getLatestOffchainParams\",\n },\n ],\n allowFailure: false,\n });\n\n const tbvParams = mapTBVParams(results[0] as RawTBVParams);\n const offchainParams = mapOffchainParams(results[1] as RawOffchainParams);\n\n return {\n minimumPegInAmount: tbvParams.minimumPegInAmount,\n maxPegInAmount: tbvParams.maxPegInAmount,\n pegInAckTimeout: tbvParams.pegInAckTimeout,\n pegInActivationTimeout: tbvParams.pegInActivationTimeout,\n maxHtlcOutputCount: tbvParams.maxHtlcOutputCount,\n timelockPegin: deriveTimelockPegin(offchainParams.timelockAssert),\n timelockRefund: offchainParams.tRefund,\n minVpCommissionBps: offchainParams.minVpCommissionBps,\n offchainParams,\n };\n }\n}\n","/**\n * Concrete signer-set readers for vault keepers and universal challengers.\n *\n * These are optional utilities — callers can use their own implementations\n * of the VaultKeeperReader and UniversalChallengerReader interfaces.\n */\n\nimport type { Address, Hex, PublicClient } from \"viem\";\n\nimport { ApplicationRegistryABI } from \"../../contracts/abis/ApplicationRegistry.abi\";\nimport { ProtocolParamsABI } from \"../../contracts/abis/ProtocolParams.abi\";\nimport type {\n AddressBTCKeyPair,\n UniversalChallengerReader,\n VaultKeeperReader,\n} from \"./types\";\n\n/** Map viem tuple array to AddressBTCKeyPair[]. */\nfunction mapKeyPairs(\n result: readonly { ethAddress: Address; btcPubKey: Hex }[],\n): AddressBTCKeyPair[] {\n return result.map((pair) => ({\n ethAddress: pair.ethAddress,\n btcPubKey: pair.btcPubKey,\n }));\n}\n\n/**\n * Reads vault keepers from the ApplicationRegistry contract.\n *\n * Usage:\n * ```ts\n * const reader = new ViemVaultKeeperReader(publicClient, applicationRegistryAddress);\n * const keepers = await reader.getCurrentVaultKeepers(appEntryPoint);\n * ```\n */\nexport class ViemVaultKeeperReader implements VaultKeeperReader {\n constructor(\n private publicClient: PublicClient,\n private contractAddress: Address,\n ) {}\n\n async getVaultKeepersByVersion(\n appEntryPoint: Address,\n version: number,\n ): Promise<AddressBTCKeyPair[]> {\n const result = (await this.publicClient.readContract({\n address: this.contractAddress,\n abi: ApplicationRegistryABI,\n functionName: \"getVaultKeepersByVersion\",\n args: [appEntryPoint, version],\n })) as readonly { ethAddress: Address; btcPubKey: Hex }[];\n\n return mapKeyPairs(result);\n }\n\n async getCurrentVaultKeepers(\n appEntryPoint: Address,\n ): Promise<AddressBTCKeyPair[]> {\n const result = (await this.publicClient.readContract({\n address: this.contractAddress,\n abi: ApplicationRegistryABI,\n functionName: \"getCurrentVaultKeepers\",\n args: [appEntryPoint],\n })) as readonly { ethAddress: Address; btcPubKey: Hex }[];\n\n return mapKeyPairs(result);\n }\n\n async getCurrentVaultKeepersVersion(\n appEntryPoint: Address,\n ): Promise<number> {\n const result = (await this.publicClient.readContract({\n address: this.contractAddress,\n abi: ApplicationRegistryABI,\n functionName: \"getCurrentVaultKeepersVersion\",\n args: [appEntryPoint],\n })) as number;\n\n return result;\n }\n}\n\n/**\n * Reads universal challengers from the ProtocolParams contract.\n *\n * Usage:\n * ```ts\n * const reader = new ViemUniversalChallengerReader(publicClient, protocolParamsAddress);\n * const challengers = await reader.getCurrentUniversalChallengers();\n * ```\n */\nexport class ViemUniversalChallengerReader implements UniversalChallengerReader {\n constructor(\n private publicClient: PublicClient,\n private contractAddress: Address,\n ) {}\n\n async getUniversalChallengersByVersion(\n version: number,\n ): Promise<AddressBTCKeyPair[]> {\n const result = (await this.publicClient.readContract({\n address: this.contractAddress,\n abi: ProtocolParamsABI,\n functionName: \"getUniversalChallengersByVersion\",\n args: [version],\n })) as readonly { ethAddress: Address; btcPubKey: Hex }[];\n\n return mapKeyPairs(result);\n }\n\n async getCurrentUniversalChallengers(): Promise<AddressBTCKeyPair[]> {\n const result = (await this.publicClient.readContract({\n address: this.contractAddress,\n abi: ProtocolParamsABI,\n functionName: \"getCurrentUniversalChallengers\",\n })) as readonly { ethAddress: Address; btcPubKey: Hex }[];\n\n return mapKeyPairs(result);\n }\n\n async getLatestUniversalChallengersVersion(): Promise<number> {\n const result = (await this.publicClient.readContract({\n address: this.contractAddress,\n abi: ProtocolParamsABI,\n functionName: \"latestUniversalChallengersVersion\",\n })) as number;\n\n return result;\n }\n}\n","/**\n * Concrete BTCVaultRegistry reader using viem's readContract.\n *\n * This is an optional utility — callers can use their own implementation\n * of the VaultRegistryReader interface.\n */\n\nimport * as ecc from \"@bitcoin-js/tiny-secp256k1-asmjs\";\nimport type { Address, Hex, PublicClient } from \"viem\";\n\nimport { hexToUint8Array } from \"../../primitives/utils/bitcoin\";\nimport { BTCVaultRegistryABI } from \"../../contracts/abis/BTCVaultRegistry.abi\";\nimport type {\n OnChainBtcPubkey,\n VaultBasicInfo,\n VaultData,\n VaultProtocolInfo,\n VaultRegistryReader,\n} from \"./types\";\n\n/**\n * Concrete vault registry reader using viem.\n *\n * Usage:\n * ```ts\n * const reader = new ViemVaultRegistryReader(publicClient, registryAddress);\n * const data = await reader.getVaultData(vaultId);\n * ```\n */\nexport class ViemVaultRegistryReader implements VaultRegistryReader {\n constructor(\n private publicClient: PublicClient,\n private contractAddress: Address,\n ) {}\n\n /**\n * Read the VP's persistent x-only BTC pubkey from the on-chain\n * registry. Validates length, hex form, and secp256k1 curve\n * membership before minting the brand. Returns 64-char lowercase\n * hex without the `0x` prefix.\n */\n async getVaultProviderBtcPubKey(\n vpAddress: Address,\n ): Promise<OnChainBtcPubkey> {\n const result = (await this.publicClient.readContract({\n address: this.contractAddress,\n abi: BTCVaultRegistryABI,\n functionName: \"getVaultProviderBTCKey\",\n args: [vpAddress],\n })) as Hex;\n const lowered = result.toLowerCase();\n if (!/^0x[0-9a-f]{64}$/.test(lowered)) {\n throw new Error(\n `getVaultProviderBTCKey returned an unexpected value (vp=${vpAddress}, length ${lowered.length}, prefix \"${lowered.slice(0, 2)}\")`,\n );\n }\n const stripped = lowered.slice(2);\n if (!ecc.isXOnlyPoint(hexToUint8Array(stripped))) {\n throw new Error(\n `getVaultProviderBTCKey returned a value that is not on the secp256k1 curve (vp=${vpAddress})`,\n );\n }\n return stripped as OnChainBtcPubkey;\n }\n\n async getVaultBasicInfo(vaultId: Hex): Promise<VaultBasicInfo> {\n const result = (await this.publicClient.readContract({\n address: this.contractAddress,\n abi: BTCVaultRegistryABI,\n functionName: \"getBtcVaultBasicInfo\",\n args: [vaultId],\n })) as {\n depositor: Address;\n depositorBtcPubKey: Hex;\n amount: bigint;\n vaultProvider: Address;\n status: number;\n applicationEntryPoint: Address;\n createdAt: bigint;\n };\n\n return {\n depositor: result.depositor,\n depositorBtcPubKey: result.depositorBtcPubKey,\n amount: result.amount,\n vaultProvider: result.vaultProvider,\n status: result.status,\n applicationEntryPoint: result.applicationEntryPoint,\n createdAt: result.createdAt,\n };\n }\n\n async getVaultProtocolInfo(vaultId: Hex): Promise<VaultProtocolInfo> {\n const result = (await this.publicClient.readContract({\n address: this.contractAddress,\n abi: BTCVaultRegistryABI,\n functionName: \"getBtcVaultProtocolInfo\",\n args: [vaultId],\n })) as {\n depositorSignedPeginTx: Hex;\n universalChallengersVersion: number;\n appVaultKeepersVersion: number;\n offchainParamsVersion: number;\n verifiedAt: bigint;\n depositorWotsPkHash: Hex;\n hashlock: Hex;\n htlcVout: number;\n depositorPopSignature: Hex;\n prePeginTxHash: Hex;\n vaultProviderCommissionBps: number;\n };\n\n return {\n depositorSignedPeginTx: result.depositorSignedPeginTx,\n universalChallengersVersion: result.universalChallengersVersion,\n appVaultKeepersVersion: result.appVaultKeepersVersion,\n offchainParamsVersion: result.offchainParamsVersion,\n verifiedAt: result.verifiedAt,\n depositorWotsPkHash: result.depositorWotsPkHash,\n hashlock: result.hashlock,\n htlcVout: result.htlcVout,\n depositorPopSignature: result.depositorPopSignature,\n prePeginTxHash: result.prePeginTxHash,\n vaultProviderCommissionBps: result.vaultProviderCommissionBps,\n };\n }\n\n async getVaultData(vaultId: Hex): Promise<VaultData> {\n const [basic, protocol] = await Promise.all([\n this.getVaultBasicInfo(vaultId),\n this.getVaultProtocolInfo(vaultId),\n ]);\n\n if (\n !protocol.depositorSignedPeginTx ||\n protocol.depositorSignedPeginTx === \"0x\"\n ) {\n throw new Error(\n `Vault ${vaultId} not found on-chain or has no pegin transaction`,\n );\n }\n\n return { basic, protocol };\n }\n}\n"],"names":["MAX_SATOSHIS","MEMPOOL_REQUEST_TIMEOUT_MS","fetchWithTimeout","url","options","controller","timeoutId","signals","error","MAX_FEE_RATE","isValidSatoshiValue","value","isValidFeeRate","isValidVout","vout","outputCount","assertValidTxid","txid","TXID_RE","assertValidAddress","address","BITCOIN_ADDRESS_RE","assertValidScriptPubKey","scriptPubKey","context","HEX_RE","KNOWN_SCRIPT_PREFIXES","prefix","MEMPOOL_API_URLS","fetchApi","response","errorText","contentType","pushTx","txHex","apiUrl","message","getTxInfo","getTxHex","getUtxoInfo","txInfo","output","getAddressUtxos","utxos","addressInfo","utxo","a","b","getMempoolApiUrl","network","getAddressTxs","getNetworkFees","data","feeFields","field","ApplicationRegistryABI","ProtocolParamsABI","DAEMON_STATUS_VALUES","DaemonStatus","VP_ERROR_PREVIEW_MAX_LEN","preview","_a","VP_VALIDATION_USER_MESSAGE","VpResponseValidationError","detail","__publicField","TXID_HEX_LEN","isNonEmptyHex","isNonEmptyString","assertNonEmptyHex","assertNonEmptyString","assertBtcPubkey","X_ONLY_PUBKEY_HEX_LEN","COMPRESSED_PUBKEY_HEX_LEN","validatePresigningProgressFields","progress","presigning","p","validateGetPeginStatusResponse","r","validateRequestDepositorPresignTransactionsResponse","i","validateClaimerTransactions","validateDepositorGraphTransactions","validateTransactionData","tx","validateChallengeAssertConnectorData","c","validatePresignDataPerChallenger","d","validateRequestDepositorClaimerArtifactsResponse","key","session","s","validateGetPegoutStatusResponse","claimer","challenger","graph","DEFAULT_TIMEOUT_MS","VaultProviderRpcClient","baseUrl","config","JsonRpcClient","params","signal","BIP322_TAG","TAPTWEAK_TAG","X_ONLY_PUBKEY_SIZE","SCHNORR_SIG_SIZE","taggedHash","tag","tagBytes","tagHash","sha256","preimage","tweakXOnlyKey","xOnly","tweak","tweaked","ecc","verifyBip322Simple","messageBytes","xOnlyPubkey","signature","messageHash","p2tr","payments","Buffer","ZERO_SATS","toSpend","Transaction","scriptSig","toSign","toSpendTxid","sighash","tweakedXOnly","cborHead","major","arg","n","v","out","concat","parts","total","offset","encodeBytesAsArrayOfU8","bytes","items","encodeServerIdentityPayload","domain","ephemeralPubkeyCompressed","expiresAt","arrayHeader","domainBytes","pubkeyBytes","expiresAtBytes","SERVER_IDENTITY_DOMAIN","ServerIdentityError","reason","hexToBytes","hex","verifyServerIdentity","input","proof","pinnedServerPubkey","now","pinned","stripHexPrefix","actual","eph","ephBytes","sig","SCHNORR_SIG_HEX_LEN","payload","AUTH_GATED_METHODS","TOKEN_RPC_TIMEOUT_MS","TOKEN_ISSUE_METHOD","buildInnerTokenClient","headers","method","MAX_EXPIRES_AT_SECS","DEFAULT_REFRESH_SKEW_SECS","VpTokenProvider","cached","client","existing","fresh","VpTokenRegistry","provider","peginTxid","vpTokenRegistry","createAuthenticatedVpClient","innerTokenClient","tokenProvider","primeVpTokenRegistry","resolveProtocolAddresses","publicClient","btcVaultRegistryAddress","protocolParams","applicationRegistry","BTCVaultRegistryABI","UINT16_MAX","mapOffchainParams","result","mapTBVParams","deriveTimelockPegin","timelockAssert","ViemProtocolParamsReader","contractAddress","version","results","tbvParams","offchainParams","mapKeyPairs","pair","ViemVaultKeeperReader","appEntryPoint","ViemUniversalChallengerReader","ViemVaultRegistryReader","vpAddress","lowered","stripped","hexToUint8Array","vaultId","basic","protocol"],"mappings":";;;;;;;;;;AAmBA,MAAMA,KAAe,OAAa,KAG5BC,IAA6B;AAMnC,eAAeC,EACbC,GACAC,GACmB;AACnB,QAAMC,IAAa,IAAI,gBAAA,GACjBC,IAAY;AAAA,IAChB,MAAMD,EAAW,MAAA;AAAA,IACjBJ;AAAA,EAAA,GAIIM,IAAU,CAACF,EAAW,QAAQD,KAAA,gBAAAA,EAAS,MAAM,EAAE;AAAA,IACnD;AAAA,EAAA;AAGF,MAAI;AAEF,WAAO,MAAM,MAAMD,GAAK;AAAA,MACtB,GAAGC;AAAA,MACH,QAAQ,YAAY,IAAIG,CAAO;AAAA,IAAA,CAChC;AAAA,EACH,SAASC,GAAO;AAEd,UADA,aAAaF,CAAS,GAEpBE,KAAS,QACT,OAAOA,KAAU,YACjB,UAAUA,KACVA,EAAM,SAAS,eAET,IAAI;AAAA,MACR,uCAAuCP,CAA0B,OAAOE,CAAG;AAAA,IAAA,IAGzEK;AAAA,EACR;AACF;AAMA,MAAMC,IAAe;AAErB,SAASC,EAAoBC,GAAwB;AACnD,SAAO,OAAO,UAAUA,CAAK,KAAKA,IAAQ,KAAKA,KAASX;AAC1D;AAEA,SAASY,GAAeD,GAAwB;AAC9C,SAAO,OAAO,UAAUA,CAAK,KAAKA,IAAQ,KAAKA,KAASF;AAC1D;AAEA,SAASI,EAAYC,GAAcC,GAA+B;AAChE,SAAI,CAAC,OAAO,UAAUD,CAAI,KAAKA,IAAO,IAAU,KACzCC,MAAgB,UAAaD,IAAOC;AAC7C;AAGA,SAASC,EAAgBC,GAAoB;AAC3C,MAAI,CAACC,GAAQ,KAAKD,CAAI;AACpB,UAAM,IAAI,MAAM,kCAAkCA,CAAI,EAAE;AAE5D;AAEA,SAASE,EAAmBC,GAAuB;AACjD,MAAI,CAACC,GAAmB,KAAKD,CAAO;AAClC,UAAM,IAAI,MAAM,mCAAmCA,CAAO,EAAE;AAEhE;AAEA,SAASE,EAAwBC,GAAsBC,GAAuB;AAC5E,MAAI,CAACC,EAAO,KAAKF,CAAY;AAC3B,UAAM,IAAI;AAAA,MACR,2CAA2CC,CAAO;AAAA,IAAA;AAMtD,MAAI,CAHqBE,GAAsB;AAAA,IAAK,CAACC,MACnDJ,EAAa,YAAA,EAAc,WAAWI,CAAM;AAAA,EAAA;AAG5C,UAAM,IAAI;AAAA,MACR,sCAAsCH,CAAO,YACjCD,EAAa,MAAM,GAAG,CAAC,CAAC;AAAA,IAAA;AAG1C;AAKO,MAAMK,KAAmB;AAAA,EAC9B,SAAS;AAAA,EACT,SAAS;AAAA,EACT,QAAQ;AACV;AAKA,eAAeC,EACb1B,GACAC,GACY;AACZ,MAAI;AACF,UAAM0B,IAAW,MAAM5B,EAAiBC,GAAKC,CAAO;AAEpD,QAAI,CAAC0B,EAAS,IAAI;AAChB,YAAMC,IAAY,MAAMD,EAAS,KAAA;AACjC,YAAM,IAAI;AAAA,QACR,sBAAsBA,EAAS,MAAM,MAAMC,KAAaD,EAAS,UAAU;AAAA,MAAA;AAAA,IAE/E;AAEA,UAAME,IAAcF,EAAS,QAAQ,IAAI,cAAc;AACvD,WAAIE,KAAA,QAAAA,EAAa,SAAS,sBAChB,MAAMF,EAAS,KAAA,IAEf,MAAMA,EAAS,KAAA;AAAA,EAE3B,SAAStB,GAAO;AACd,UAAIA,aAAiB,QACb,IAAI,MAAM,qCAAqCA,EAAM,OAAO,EAAE,IAEhE,IAAI,MAAM,iDAAiD;AAAA,EACnE;AACF;AAUA,eAAsByB,GAAOC,GAAeC,GAAiC;AAC3E,MAAI;AACF,UAAML,IAAW,MAAM5B,EAAiB,GAAGiC,CAAM,OAAO;AAAA,MACtD,QAAQ;AAAA,MACR,MAAMD;AAAA,MACN,SAAS;AAAA,QACP,gBAAgB;AAAA,MAAA;AAAA,IAClB,CACD;AAED,QAAI,CAACJ,EAAS,IAAI;AAChB,YAAMC,IAAY,MAAMD,EAAS,KAAA;AAEjC,UAAIM;AACJ,UAAI;AAEF,QAAAA,IADkB,KAAK,MAAML,CAAS,EAClB;AAAA,MACtB,QAAQ;AAEN,QAAAK,IAAUL;AAAA,MACZ;AACA,YAAM,IAAI;AAAA,QACRK,KAAW,oCAAoCN,EAAS,UAAU;AAAA,MAAA;AAAA,IAEtE;AAIA,WADa,MAAMA,EAAS,KAAA;AAAA,EAE9B,SAAStB,GAAO;AACd,UAAIA,aAAiB,QACb,IAAI,MAAM,wCAAwCA,EAAM,OAAO,EAAE,IAEnE,IAAI,MAAM,oDAAoD;AAAA,EACtE;AACF;AASA,eAAsB6B,GAAUpB,GAAckB,GAAiC;AAC7E,SAAAnB,EAAgBC,CAAI,GACbY,EAAiB,GAAGM,CAAM,OAAOlB,CAAI,EAAE;AAChD;AAUA,eAAsBqB,GAASrB,GAAckB,GAAiC;AAC5E,EAAAnB,EAAgBC,CAAI;AACpB,MAAI;AACF,UAAMa,IAAW,MAAM5B,EAAiB,GAAGiC,CAAM,OAAOlB,CAAI,MAAM;AAElE,QAAI,CAACa,EAAS,IAAI;AAChB,YAAMC,IAAY,MAAMD,EAAS,KAAA;AACjC,YAAM,IAAI;AAAA,QACR,sBAAsBA,EAAS,MAAM,MAAMC,KAAaD,EAAS,UAAU;AAAA,MAAA;AAAA,IAE/E;AAEA,WAAO,MAAMA,EAAS,KAAA;AAAA,EACxB,SAAStB,GAAO;AACd,UAAIA,aAAiB,QACb,IAAI,MAAM,qCAAqCS,CAAI,KAAKT,EAAM,OAAO,EAAE,IAEzE,IAAI,MAAM,qCAAqCS,CAAI,iBAAiB;AAAA,EAC5E;AACF;AAaA,eAAsBsB,GACpBtB,GACAH,GACAqB,GACmB;AACnB,EAAAnB,EAAgBC,CAAI;AACpB,QAAMuB,IAAS,MAAMH,GAAUpB,GAAMkB,CAAM;AAE3C,MAAI,CAACtB,EAAYC,GAAM0B,EAAO,KAAK,MAAM;AACvC,UAAM,IAAI;AAAA,MACR,gBAAgB1B,CAAI,oBAAoBG,CAAI,SAASuB,EAAO,KAAK,MAAM;AAAA,IAAA;AAI3E,QAAMC,IAASD,EAAO,KAAK1B,CAAI;AAC/B,MAAI,CAACJ,EAAoB+B,EAAO,KAAK;AACnC,UAAM,IAAI,MAAM,sBAAsBA,EAAO,KAAK,QAAQxB,CAAI,IAAIH,CAAI,EAAE;AAE1E,SAAAQ,EAAwBmB,EAAO,cAAc,GAAGxB,CAAI,IAAIH,CAAI,EAAE,GAEvD;AAAA,IACL,MAAAG;AAAA,IACA,MAAAH;AAAA,IACA,OAAO2B,EAAO;AAAA,IACd,cAAcA,EAAO;AAAA,EAAA;AAEzB;AASA,eAAsBC,GACpBtB,GACAe,GACwB;AACxB,EAAAhB,EAAmBC,CAAO;AAC1B,MAAI;AAEF,UAAMuB,IAAQ,MAAMd,EASlB,GAAGM,CAAM,YAAYf,CAAO,OAAO,GAG/BwB,IAAc,MAAMf,EAGvB,GAAGM,CAAM,wBAAwBf,CAAO,EAAE;AAE7C,QAAI,CAACwB,EAAY;AACf,YAAM,IAAI;AAAA,QACR,4BAA4BxB,CAAO;AAAA,MAAA;AAGvC,IAAAE,EAAwBsB,EAAY,cAAcxB,CAAO;AAQzD,eAAWyB,KAAQF,GAAO;AAExB,UADA3B,EAAgB6B,EAAK,IAAI,GACrB,CAAChC,EAAYgC,EAAK,IAAI;AACxB,cAAM,IAAI,MAAM,gBAAgBA,EAAK,IAAI,QAAQA,EAAK,IAAI,EAAE;AAE9D,UAAI,CAACnC,EAAoBmC,EAAK,KAAK;AACjC,cAAM,IAAI;AAAA,UACR,sBAAsBA,EAAK,KAAK,QAAQA,EAAK,IAAI,IAAIA,EAAK,IAAI;AAAA,QAAA;AAAA,IAGpE;AAKA,WAFoBF,EAAM,KAAK,CAACG,GAAGC,MAAMA,EAAE,QAAQD,EAAE,KAAK,EAEvC,IAAI,CAACD,OAAU;AAAA,MAChC,MAAMA,EAAK;AAAA,MACX,MAAMA,EAAK;AAAA,MACX,OAAOA,EAAK;AAAA,MACZ,cAAcD,EAAY;AAAA,MAC1B,WAAWC,EAAK,OAAO;AAAA,IAAA,EACvB;AAAA,EACJ,SAASrC,GAAO;AACd,UAAIA,aAAiB,QACb,IAAI;AAAA,MACR,mCAAmCY,CAAO,KAAKZ,EAAM,OAAO;AAAA,IAAA,IAG1D,IAAI;AAAA,MACR,mCAAmCY,CAAO;AAAA,IAAA;AAAA,EAE9C;AACF;AAQO,SAAS4B,GACdC,GACQ;AACR,SAAOrB,GAAiBqB,CAAO;AACjC;AAuBA,eAAsBC,GACpB9B,GACAe,GACsB;AACtB,SAAAhB,EAAmBC,CAAO,GACnBS,EAAsB,GAAGM,CAAM,YAAYf,CAAO,MAAM;AACjE;AAWA,eAAsB+B,GAAehB,GAAsC;AACzE,QAAML,IAAW,MAAM5B,EAAiB,GAAGiC,CAAM,sBAAsB;AAEvE,MAAI,CAACL,EAAS;AACZ,UAAM,IAAI;AAAA,MACR,iCAAiCA,EAAS,MAAM,IAAIA,EAAS,UAAU;AAAA,IAAA;AAI3E,QAAMsB,IAAO,MAAMtB,EAAS,KAAA,GAEtBuB,IAAY;AAAA,IAChB;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EAAA;AAGF,aAAWC,KAASD;AAClB,QAAI,CAACzC,GAAewC,EAAKE,CAAK,CAAC;AAC7B,YAAM,IAAI;AAAA,QACR,oBAAoBA,CAAK,IAAIF,EAAKE,CAAK,CAAC,mDAAmD7C,CAAY;AAAA,MAAA;AAK7G,MACE2C,EAAK,aAAaA,EAAK,cACvBA,EAAK,aAAaA,EAAK,WACvBA,EAAK,UAAUA,EAAK,eACpBA,EAAK,cAAcA,EAAK;AAExB,UAAM,IAAI;AAAA,MACR,sEACiBA,EAAK,UAAU,oBAAoBA,EAAK,UAAU,iBACrDA,EAAK,OAAO,qBAAqBA,EAAK,WAAW,oBAC9CA,EAAK,UAAU;AAAA,IAAA;AAIpC,SAAOA;AACT;ACxbO,MAAMG,IAAyB;AAAA,EACpC;AAAA,IACE,MAAM;AAAA,IACN,MAAM;AAAA,IACN,QAAQ;AAAA,MACN;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,cAAc;AAAA,MAAA;AAAA,MAEhB;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,cAAc;AAAA,MAAA;AAAA,IAChB;AAAA,IAEF,SAAS;AAAA,MACP;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,cAAc;AAAA,QACd,YAAY;AAAA,UACV;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,QAChB;AAAA,MACF;AAAA,IACF;AAAA,IAEF,iBAAiB;AAAA,EAAA;AAAA,EAEnB;AAAA,IACE,MAAM;AAAA,IACN,MAAM;AAAA,IACN,QAAQ;AAAA,MACN;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,cAAc;AAAA,MAAA;AAAA,IAChB;AAAA,IAEF,SAAS;AAAA,MACP;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,cAAc;AAAA,QACd,YAAY;AAAA,UACV;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,QAChB;AAAA,MACF;AAAA,IACF;AAAA,IAEF,iBAAiB;AAAA,EAAA;AAAA,EAEnB;AAAA,IACE,MAAM;AAAA,IACN,MAAM;AAAA,IACN,QAAQ;AAAA,MACN;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,cAAc;AAAA,MAAA;AAAA,IAChB;AAAA,IAEF,SAAS;AAAA,MACP;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,cAAc;AAAA,MAAA;AAAA,IAChB;AAAA,IAEF,iBAAiB;AAAA,EAAA;AAErB,GCvFaC,IAAoB;AAAA,EAC/B;AAAA,IACE,MAAM;AAAA,IACN,MAAM;AAAA,IACN,QAAQ,CAAA;AAAA,IACR,SAAS;AAAA,MACP;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,cAAc;AAAA,QACd,YAAY;AAAA,UACV;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,QAChB;AAAA,MACF;AAAA,IACF;AAAA,IAEF,iBAAiB;AAAA,EAAA;AAAA,EAEnB;AAAA,IACE,MAAM;AAAA,IACN,MAAM;AAAA,IACN,QAAQ,CAAA;AAAA,IACR,SAAS;AAAA,MACP;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,cAAc;AAAA,QACd,YAAY;AAAA,UACV;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,QAChB;AAAA,MACF;AAAA,IACF;AAAA,IAEF,iBAAiB;AAAA,EAAA;AAAA,EAEnB;AAAA,IACE,MAAM;AAAA,IACN,MAAM;AAAA,IACN,QAAQ;AAAA,MACN;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,cAAc;AAAA,MAAA;AAAA,IAChB;AAAA,IAEF,SAAS;AAAA,MACP;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,cAAc;AAAA,QACd,YAAY;AAAA,UACV;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,QAChB;AAAA,MACF;AAAA,IACF;AAAA,IAEF,iBAAiB;AAAA,EAAA;AAAA,EAEnB;AAAA,IACE,MAAM;AAAA,IACN,MAAM;AAAA,IACN,QAAQ,CAAA;AAAA,IACR,SAAS;AAAA,MACP;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,cAAc;AAAA,MAAA;AAAA,IAChB;AAAA,IAEF,iBAAiB;AAAA,EAAA;AAAA,EAEnB;AAAA,IACE,MAAM;AAAA,IACN,MAAM;AAAA,IACN,QAAQ;AAAA,MACN;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,cAAc;AAAA,MAAA;AAAA,IAChB;AAAA,IAEF,SAAS;AAAA,MACP;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,cAAc;AAAA,QACd,YAAY;AAAA,UACV;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,QAChB;AAAA,MACF;AAAA,IACF;AAAA,IAEF,iBAAiB;AAAA,EAAA;AAAA,EAEnB;AAAA,IACE,MAAM;AAAA,IACN,MAAM;AAAA,IACN,QAAQ,CAAA;AAAA,IACR,SAAS;AAAA,MACP;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,cAAc;AAAA,QACd,YAAY;AAAA,UACV;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,QAChB;AAAA,MACF;AAAA,IACF;AAAA,IAEF,iBAAiB;AAAA,EAAA;AAAA,EAEnB;AAAA,IACE,MAAM;AAAA,IACN,MAAM;AAAA,IACN,QAAQ,CAAA;AAAA,IACR,SAAS;AAAA,MACP;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,cAAc;AAAA,MAAA;AAAA,IAChB;AAAA,IAEF,iBAAiB;AAAA,EAAA;AAErB,GCjRMC,IAAuB,IAAI,IAAY,OAAO,OAAOC,EAAY,CAAC,GAElEC,KAA2B;AAEjC,SAASC,EAAQjD,GAAwB;;AACvC,WACEkD,IAAA,KAAK,UAAUlD,CAAK,MAApB,gBAAAkD,EAAuB,MAAM,GAAGF,QAA6B;AAEjE;AAEA,MAAMG,KACJ;AAQK,MAAMC,UAAkC,MAAM;AAAA,EAGnD,YAAYC,GAAgB;AAC1B,UAAMF,EAA0B;AAHzB,IAAAG,EAAA;AAIP,SAAK,OAAO,6BACZ,KAAK,SAASD;AAAA,EAChB;AACF;AAGA,MAAME,IAAe;AAErB,SAASC,EAAcxD,GAAiC;AACtD,SAAO,OAAOA,KAAU,YAAYA,EAAM,SAAS,KAAKc,EAAO,KAAKd,CAAK;AAC3E;AAEA,SAASyD,EAAiBzD,GAAiC;AACzD,SAAO,OAAOA,KAAU,YAAYA,EAAM,SAAS;AACrD;AAEA,SAAS0D,GAAkB1D,GAAgB2C,GAAqB;AAC9D,MAAI,CAACa,EAAcxD,CAAK;AACtB,UAAM,IAAIoD;AAAA,MACR,mCAAmCT,CAAK,yCAAyCM,EAAQjD,CAAK,CAAC;AAAA,IAAA;AAGrG;AAEA,SAAS2D,EAAqB3D,GAAgB2C,GAAqB;AACjE,MAAI,CAACc,EAAiBzD,CAAK;AACzB,UAAM,IAAIoD;AAAA,MACR,mCAAmCT,CAAK,qCAAqCM,EAAQjD,CAAK,CAAC;AAAA,IAAA;AAGjG;AAMA,SAAS4D,GAAgB5D,GAAgB2C,GAAqB;AAC5D,MACE,CAACa,EAAcxD,CAAK,KACnBA,EAAM,WAAW6D,KAChB7D,EAAM,WAAW8D;AAEnB,UAAM,IAAIV;AAAA,MACR,mCAAmCT,CAAK,eAAekB,CAAqB,OAAOC,CAAyB,sCAAsCb,EAAQjD,CAAK,CAAC;AAAA,IAAA;AAGtK;AAKA,SAAS+D,GACPC,GACM;AACN,QAAMC,IAAaD,EAAS;AAC5B,MAAgCC,KAAe,KAAM;AACrD,MAAI,OAAOA,KAAe,YAAY,MAAM,QAAQA,CAAU;AAC5D,UAAM,IAAIb;AAAA,MACR;AAAA,IAAA;AAIJ,QAAMc,IAAID;AAEV,MACEC,EAAE,4BAA4B,UAC9B,OAAOA,EAAE,2BAA4B;AAErC,UAAM,IAAId;AAAA,MACR,kHAAkHH,EAAQiB,EAAE,uBAAuB,CAAC;AAAA,IAAA;AAIxJ,MACEA,EAAE,uCAAuC,UACzC,OAAOA,EAAE,sCAAuC;AAEhD,UAAM,IAAId;AAAA,MACR,4HAA4HH,EAAQiB,EAAE,kCAAkC,CAAC;AAAA,IAAA;AAI7K,MACEA,EAAE,mCAAmC,UACrC,OAAOA,EAAE,kCAAmC;AAE5C,UAAM,IAAId;AAAA,MACR,wHAAwHH,EAAQiB,EAAE,8BAA8B,CAAC;AAAA,IAAA;AAGvK;AAOO,SAASC,GACdhD,GAC4C;AAC5C,MAAIA,MAAa,QAAQ,OAAOA,KAAa;AAC3C,UAAM,IAAIiC;AAAA,MACR;AAAA,IAAA;AAIJ,QAAMgB,IAAIjD;AAEV,MAAI,CAACqC,EAAcY,EAAE,UAAU,KAAKA,EAAE,WAAW,WAAWb;AAC1D,UAAM,IAAIH;AAAA,MACR,yDAAyDG,CAAY,gCAAgCN,EAAQmB,EAAE,UAAU,CAAC;AAAA,IAAA;AAI9H,MAAI,OAAOA,EAAE,UAAW;AACtB,UAAM,IAAIhB;AAAA,MACR;AAAA,IAAA;AAIJ,MAAI,CAACN,EAAqB,IAAIsB,EAAE,MAAM;AACpC,UAAM,IAAIhB;AAAA,MACR,uDAAuDgB,EAAE,MAAM,uBAAuB,CAAC,GAAGtB,CAAoB,EAAE,KAAK,IAAI,CAAC;AAAA,IAAA;AAI9H,MACEsB,EAAE,aAAa,QACf,OAAOA,EAAE,YAAa,YACtB,MAAM,QAAQA,EAAE,QAAQ;AAExB,UAAM,IAAIhB;AAAA,MACR;AAAA,IAAA;AAMJ,MAFAW,GAAiCK,EAAE,QAAmC,GAElE,OAAOA,EAAE,eAAgB;AAC3B,UAAM,IAAIhB;AAAA,MACR;AAAA,IAAA;AAIJ,MAAIgB,EAAE,eAAe,UAAa,OAAOA,EAAE,cAAe;AACxD,UAAM,IAAIhB;AAAA,MACR,gFAAgFH,EAAQmB,EAAE,UAAU,CAAC;AAAA,IAAA;AAG3G;AAKO,SAASC,GACdlD,GACiE;AACjE,MAAIA,MAAa,QAAQ,OAAOA,KAAa;AAC3C,UAAM,IAAIiC;AAAA,MACR;AAAA,IAAA;AAIJ,QAAMgB,IAAIjD;AAEV,MAAI,CAAC,MAAM,QAAQiD,EAAE,GAAG;AACtB,UAAM,IAAIhB;AAAA,MACR;AAAA,IAAA;AAIJ,WAASkB,IAAI,GAAGA,IAAIF,EAAE,IAAI,QAAQE;AAChC,IAAAC,GAA4BH,EAAE,IAAIE,CAAC,GAAG,OAAOA,CAAC,GAAG;AAGnD,MAAIF,EAAE,oBAAoB,QAAQ,OAAOA,EAAE,mBAAoB;AAC7D,UAAM,IAAIhB;AAAA,MACR;AAAA,IAAA;AAIJ,EAAAoB;AAAA,IACEJ,EAAE;AAAA,EAAA;AAEN;AAEA,SAASK,EAAwBzE,GAAgB2C,GAAqB;AACpE,MAAI3C,MAAU,QAAQ,OAAOA,KAAU;AACrC,UAAM,IAAIoD;AAAA,MACR,mCAAmCT,CAAK;AAAA,IAAA;AAI5C,EAAAe,GADW1D,EACU,QAAQ,GAAG2C,CAAK,SAAS;AAChD;AAEA,SAAS4B,GAA4BvE,GAAgB2C,GAAqB;AACxE,MAAI3C,MAAU,QAAQ,OAAOA,KAAU;AACrC,UAAM,IAAIoD;AAAA,MACR,mCAAmCT,CAAK;AAAA,IAAA;AAI5C,QAAM+B,IAAK1E;AAEX,EAAA4D,GAAgBc,EAAG,gBAAgB,GAAG/B,CAAK,iBAAiB,GAC5D8B,EAAwBC,EAAG,UAAU,GAAG/B,CAAK,WAAW,GACxD8B,EAAwBC,EAAG,WAAW,GAAG/B,CAAK,YAAY,GAC1D8B,EAAwBC,EAAG,WAAW,GAAG/B,CAAK,YAAY,GAC1DgB,EAAqBe,EAAG,aAAa,GAAG/B,CAAK,cAAc;AAC7D;AAEA,SAASgC,GACP3E,GACA2C,GACM;AACN,MAAI3C,MAAU,QAAQ,OAAOA,KAAU;AACrC,UAAM,IAAIoD;AAAA,MACR,mCAAmCT,CAAK;AAAA,IAAA;AAI5C,QAAMiC,IAAI5E;AACV,EAAA2D,EAAqBiB,EAAE,eAAe,GAAGjC,CAAK,gBAAgB,GAC9DgB,EAAqBiB,EAAE,mBAAmB,GAAGjC,CAAK,oBAAoB;AACxE;AAEA,SAASkC,GAAiC7E,GAAgB2C,GAAqB;AAC7E,MAAI3C,MAAU,QAAQ,OAAOA,KAAU;AACrC,UAAM,IAAIoD;AAAA,MACR,mCAAmCT,CAAK;AAAA,IAAA;AAI5C,QAAMmC,IAAI9E;AAcV,MAZA4D,GAAgBkB,EAAE,mBAAmB,GAAGnC,CAAK,oBAAoB,GACjE8B;AAAA,IACEK,EAAE;AAAA,IACF,GAAGnC,CAAK;AAAA,EAAA,GAEV8B;AAAA,IACEK,EAAE;AAAA,IACF,GAAGnC,CAAK;AAAA,EAAA,GAEV8B,EAAwBK,EAAE,aAAa,GAAGnC,CAAK,cAAc,GAC7DgB,EAAqBmB,EAAE,eAAe,GAAGnC,CAAK,gBAAgB,GAE1D,CAAC,MAAM,QAAQmC,EAAE,2BAA2B;AAC9C,UAAM,IAAI1B;AAAA,MACR,mCAAmCT,CAAK;AAAA,IAAA;AAI5C,WAAS2B,IAAI,GAAGA,IAAIQ,EAAE,4BAA4B,QAAQR;AACxD,IAAAK;AAAA,MACEG,EAAE,4BAA4BR,CAAC;AAAA,MAC/B,GAAG3B,CAAK,gCAAgC2B,CAAC;AAAA,IAAA;AAI7C,MAAI,CAAC,MAAM,QAAQQ,EAAE,mBAAmB;AACtC,UAAM,IAAI1B;AAAA,MACR,mCAAmCT,CAAK;AAAA,IAAA;AAI5C,WAAS2B,IAAI,GAAGA,IAAIQ,EAAE,oBAAoB,QAAQR;AAChD,IAAAZ;AAAA,MACEoB,EAAE,oBAAoBR,CAAC;AAAA,MACvB,GAAG3B,CAAK,wBAAwB2B,CAAC;AAAA,IAAA;AAGvC;AAKO,SAASS,GACd5D,GAC8D;AAC9D,MAAIA,MAAa,QAAQ,OAAOA,KAAa;AAC3C,UAAM,IAAIiC;AAAA,MACR;AAAA,IAAA;AAIJ,QAAMgB,IAAIjD;AAEV,MAAI,CAACsC,EAAiBW,EAAE,aAAa;AACnC,UAAM,IAAIhB;AAAA,MACR,kFAAkFH,EAAQmB,EAAE,aAAa,CAAC;AAAA,IAAA;AAI9G,MAAI,CAACZ,EAAcY,EAAE,iBAAiB;AACpC,UAAM,IAAIhB;AAAA,MACR,0FAA0FH,EAAQmB,EAAE,iBAAiB,CAAC;AAAA,IAAA;AAI1H,MAAIA,EAAE,kBAAkB,QAAQ,OAAOA,EAAE,iBAAkB;AACzD,UAAM,IAAIhB;AAAA,MACR;AAAA,IAAA;AAIJ,aAAW,CAAC4B,GAAKC,CAAO,KAAK,OAAO;AAAA,IAClCb,EAAE;AAAA,EAAA,GACD;AACD,QAAIa,MAAY,QAAQ,OAAOA,KAAY;AACzC,YAAM,IAAI7B;AAAA,QACR,iDAAiD4B,CAAG;AAAA,MAAA;AAGxD,UAAME,IAAID;AACV,QAAI,CAACzB,EAAc0B,EAAE,uBAAuB;AAC1C,YAAM,IAAI9B;AAAA,QACR,iDAAiD4B,CAAG,iEAAiE/B,EAAQiC,EAAE,uBAAuB,CAAC;AAAA,MAAA;AAAA,EAG7J;AACF;AAKO,SAASC,GACdhE,GAC6C;AAC7C,MAAIA,MAAa,QAAQ,OAAOA,KAAa;AAC3C,UAAM,IAAIiC;AAAA,MACR;AAAA,IAAA;AAIJ,QAAMgB,IAAIjD;AAEV,MAAI,CAACqC,EAAcY,EAAE,UAAU,KAAKA,EAAE,WAAW,WAAWb;AAC1D,UAAM,IAAIH;AAAA,MACR,yDAAyDG,CAAY,gCAAgCN,EAAQmB,EAAE,UAAU,CAAC;AAAA,IAAA;AAI9H,MAAI,OAAOA,EAAE,SAAU;AACrB,UAAM,IAAIhB;AAAA,MACR,iEAAiEH,EAAQmB,EAAE,KAAK,CAAC;AAAA,IAAA;AAIrF,MAAIA,EAAE,YAAY,QAAW;AAC3B,QAAIA,EAAE,YAAY,QAAQ,OAAOA,EAAE,WAAY;AAC7C,YAAM,IAAIhB;AAAA,QACR;AAAA,MAAA;AAGJ,UAAMgC,IAAUhB,EAAE;AAClB,QAAI,OAAOgB,EAAQ,UAAW;AAC5B,YAAM,IAAIhC;AAAA,QACR,yEAAyEH,EAAQmC,EAAQ,MAAM,CAAC;AAAA,MAAA;AAGpG,QAAI,OAAOA,EAAQ,UAAW;AAC5B,YAAM,IAAIhC;AAAA,QACR,0EAA0EH,EAAQmC,EAAQ,MAAM,CAAC;AAAA,MAAA;AAAA,EAGvG;AAEA,MAAIhB,EAAE,eAAe,QAAW;AAC9B,QAAIA,EAAE,eAAe,QAAQ,OAAOA,EAAE,cAAe;AACnD,YAAM,IAAIhB;AAAA,QACR;AAAA,MAAA;AAGJ,UAAMiC,IAAajB,EAAE;AACrB,QAAI,OAAOiB,EAAW,UAAW;AAC/B,YAAM,IAAIjC;AAAA,QACR,4EAA4EH,EAAQoC,EAAW,MAAM,CAAC;AAAA,MAAA;AAAA,EAG5G;AACF;AAEA,SAASb,GACPc,GACM;AAMN,MALAb,EAAwBa,EAAM,UAAU,0BAA0B,GAClEb,EAAwBa,EAAM,WAAW,2BAA2B,GACpEb,EAAwBa,EAAM,WAAW,2BAA2B,GACpE3B,EAAqB2B,EAAM,aAAa,6BAA6B,GAEjE,CAAC,MAAM,QAAQA,EAAM,uBAAuB;AAC9C,UAAM,IAAIlC;AAAA,MACR;AAAA,IAAA;AAIJ,WAASkB,IAAI,GAAGA,IAAIgB,EAAM,wBAAwB,QAAQhB;AACxD,IAAAO;AAAA,MACES,EAAM,wBAAwBhB,CAAC;AAAA,MAC/B,2CAA2CA,CAAC;AAAA,IAAA;AAIhD,MAAI,OAAOgB,EAAM,2BAA4B;AAC3C,UAAM,IAAIlC;AAAA,MACR;AAAA,IAAA;AAGN;AC3YA,MAAMmC,KAAqB;AAWpB,MAAMC,GAEb;AAAA,EAGE,YAAYC,GAAiBhG,GAAyC;AAF9D,IAAA6D,EAAA;AAGN,UAAMoC,IAA8B;AAAA,MAClC,SAAAD;AAAA,MACA,UAAShG,KAAA,gBAAAA,EAAS,YAAW8F;AAAA,MAC7B,SAAS9F,KAAA,gBAAAA,EAAS;AAAA,MAClB,YAAYA,KAAA,gBAAAA,EAAS;AAAA,MACrB,cAAcA,KAAA,gBAAAA,EAAS;AAAA,MACvB,SAASA,KAAA,gBAAAA,EAAS;AAAA,MAClB,eAAeA,KAAA,gBAAAA,EAAS;AAAA,MACxB,kBAAkBA,KAAA,gBAAAA,EAAS;AAAA,IAAA;AAE7B,SAAK,SAAS,IAAIkG,EAAcD,CAAM;AAAA,EACxC;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,oCACJE,GACAC,GACsD;AACtD,UAAM1E,IAAW,MAAM,KAAK,OAAO,KAGjC,qDAAqDyE,GAAQC,CAAM;AACrE,WAAAxB,GAAoDlD,CAAQ,GACrDA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,6BACJyE,GACAC,GACe;AACf,WAAO,KAAK,OAAO;AAAA,MACjB;AAAA,MACAD;AAAA,MACAC;AAAA,IAAA;AAAA,EAEJ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,uBACJD,GACAC,GACe;AACf,WAAO,KAAK,OAAO;AAAA,MACjB;AAAA,MACAD;AAAA,MACAC;AAAA,IAAA;AAAA,EAEJ;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,iCACJD,GACAC,GACmD;AACnD,UAAM1E,IAAW,MAAM,KAAK,OAAO,KAGjC,kDAAkDyE,GAAQC,CAAM;AAClE,WAAAd,GAAiD5D,CAAQ,GAClDA;AAAA,EACT;AAAA;AAAA,EAGA,MAAM,eACJyE,GACAC,GACiC;AACjC,UAAM1E,IAAW,MAAM,KAAK,OAAO;AAAA,MACjC;AAAA,MACAyE;AAAA,MACAC;AAAA,IAAA;AAEF,WAAA1B,GAA+BhD,CAAQ,GAChCA;AAAA,EACT;AAAA;AAAA,EAGA,MAAM,gBACJyE,GACAC,GACkC;AAClC,UAAM1E,IAAW,MAAM,KAAK,OAAO;AAAA,MACjC;AAAA,MACAyE;AAAA,MACAC;AAAA,IAAA;AAEF,WAAAV,GAAgChE,CAAQ,GACjCA;AAAA,EACT;AACF;AC5IA,MAAM2E,KAAa,0BAGbC,KAAe,YAEfC,KAAqB,IACrBC,KAAmB;AAMzB,SAASC,GAAWC,GAAa1D,GAA8B;AAC7D,QAAM2D,IAAW,IAAI,cAAc,OAAOD,CAAG,GACvCE,IAAUC,EAAOF,CAAQ,GACzBG,IAAW,IAAI,WAAWF,EAAQ,SAAS,IAAI5D,EAAK,MAAM;AAChE,SAAA8D,EAAS,IAAIF,GAAS,CAAC,GACvBE,EAAS,IAAIF,GAASA,EAAQ,MAAM,GACpCE,EAAS,IAAI9D,GAAM4D,EAAQ,SAAS,CAAC,GAC9BC,EAAOC,CAAQ;AACxB;AAYA,SAASC,GAAcC,GAAsC;AAC3D,MAAIA,EAAM,WAAWT,GAAoB,QAAO;AAChD,QAAMU,IAAQR,GAAWH,IAAcU,CAAK,GACtCE,IAAUC,EAAI,mBAAmBH,GAAOC,CAAK;AACnD,SAAOC,IAAUA,EAAQ,cAAc;AACzC;AAoBO,SAASE,GACdC,GACAC,GACAC,GACS;AAET,MADID,EAAY,WAAWf,MACvBgB,EAAU,WAAWf,GAAkB,QAAO;AAOlD,MAAI;AAEF,UAAMgB,IAAcf,GAAWJ,IAAYgB,CAAY,GAKjDI,IAAOC,GAAS,KAAK;AAAA,MACzB,gBAAgBC,EAAO,KAAKL,CAAW;AAAA,IAAA,CACxC;AACD,QAAI,CAACG,EAAK,OAAQ,QAAO;AACzB,UAAMtG,IAAesG,EAAK,QAUpBG,IAAY,GACZC,IAAU,IAAIC,EAAA;AACpB,IAAAD,EAAQ,UAAU,GAClBA,EAAQ,WAAW;AAEnB,UAAME,IAAYJ,EAAO,OAAO;AAAA,MAC9BA,EAAO,KAAK,CAAC,GAAM,EAAI,CAAC;AAAA,MACxBA,EAAO,KAAKH,CAAW;AAAA,IAAA,CACxB;AACD,IAAAK,EAAQ;AAAA,MACNF,EAAO,MAAM,IAAI,CAAC;AAAA;AAAA,MAClB;AAAA;AAAA,MACA;AAAA;AAAA,MACAI;AAAA,IAAA,GAEFF,EAAQ,UAAU1G,GAAcyG,CAAS;AAGzC,UAAMI,IAAS,IAAIF,EAAA;AACnB,IAAAE,EAAO,UAAU,GACjBA,EAAO,WAAW;AAElB,UAAMC,IAAcJ,EAAQ,QAAA;AAC5B,IAAAG,EAAO,SAASC,GAAa,GAAG,CAAC,GACjCD,EAAO,UAAUL,EAAO,KAAK,CAAC,GAAI,CAAC,GAAGC,CAAS;AAG/C,UAAMM,IAAUF,EAAO;AAAA,MACrB;AAAA,MACA,CAAC7G,CAAY;AAAA,MACb,CAACyG,CAAS;AAAA,MACVE,EAAY;AAAA,IAAA,GAIRK,IAAepB,GAAcO,CAAW;AAC9C,WAAKa,IAEEhB,EAAI,cAAce,GAASC,GAAcZ,CAAS,IAF/B;AAAA,EAG5B,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AC9IA,SAASa,EAASC,GAAeC,GAAkC;AACjE,QAAM5B,KAAO2B,IAAQ,MAAS,GACxBE,IAAI,OAAOD,KAAQ,WAAWA,IAAM,OAAOA,CAAG;AACpD,MAAIC,IAAI,GAAI,OAAM,IAAI,MAAM,6BAA6B;AAEzD,MAAIA,IAAI,IAAK,QAAO,IAAI,WAAW,CAAC7B,IAAM,OAAO6B,CAAC,CAAC,CAAC;AACpD,MAAIA,IAAI,OAAQ,QAAO,IAAI,WAAW,CAAC7B,IAAM,IAAI,OAAO6B,CAAC,CAAC,CAAC;AAC3D,MAAIA,IAAI,UAAU;AAChB,UAAMC,IAAI,OAAOD,CAAC;AAClB,WAAO,IAAI,WAAW,CAAC7B,IAAM,IAAK8B,MAAM,IAAK,KAAMA,IAAI,GAAI,CAAC;AAAA,EAC9D;AACA,MAAID,IAAI,cAAgB;AACtB,UAAMC,IAAI,OAAOD,CAAC;AAClB,WAAO,IAAI,WAAW;AAAA,MACpB7B,IAAM;AAAA,MACL8B,MAAM,KAAM;AAAA,MACZA,MAAM,KAAM;AAAA,MACZA,MAAM,IAAK;AAAA,MACZA,IAAI;AAAA,IAAA,CACL;AAAA,EACH;AAEA,QAAMC,IAAM,IAAI,WAAW,CAAC;AAC5B,EAAAA,EAAI,CAAC,IAAI/B,IAAM;AACf,WAAS7B,IAAI,GAAGA,KAAK,GAAGA;AACtB,IAAA4D,EAAI,IAAI5D,CAAC,IAAI,OAAO0D,KAAK,QAAQ,IAAI1D,KAAK,CAAC,CAAC,IAAI;AAElD,SAAO4D;AACT;AAEA,SAASC,MAAUC,GAAiC;AAClD,QAAMC,IAAQD,EAAM,OAAO,CAAClD,GAAGhB,MAAMgB,IAAIhB,EAAE,QAAQ,CAAC,GAC9CgE,IAAM,IAAI,WAAWG,CAAK;AAChC,MAAIC,IAAS;AACb,aAAWpE,KAAKkE;AACd,IAAAF,EAAI,IAAIhE,GAAGoE,CAAM,GACjBA,KAAUpE,EAAE;AAEd,SAAOgE;AACT;AASA,SAASK,EAAuBC,GAA+B;AAE7D,QAAMC,IAAsB,CADbZ,EAAS,GAAGW,EAAM,MAAM,CACJ;AACnC,aAAWpG,KAAKoG;AACd,IAAAC,EAAM,KAAKZ,EAAS,GAAGzF,CAAC,CAAC;AAE3B,SAAO+F,GAAO,GAAGM,CAAK;AACxB;AAsBO,SAASC,GACdC,GACAC,GACAC,GACY;AACZ,MAAI,CAAC,OAAO,cAAcA,CAAS,KAAKA,IAAY;AAClD,UAAM,IAAI;AAAA,MACR,oFAAoFA,CAAS;AAAA,IAAA;AAGjG,QAAMC,IAAcjB,EAAS,GAAG,CAAC,GAC3BkB,IAAcR,EAAuBI,CAAM,GAC3CK,IAAcT,EAAuBK,CAAyB,GAC9DK,IAAiBpB,EAAS,GAAGgB,CAAS;AAC5C,SAAOV,GAAOW,GAAaC,GAAaC,GAAaC,CAAc;AACrE;ACzFA,MAAMC,KAAyB,IAAI,YAAA,EAAc;AAAA,EAC/C;AACF;AA6BO,MAAMC,UAA4B,MAAM;AAAA,EAC7C,YACE1H,GACgB2H,GAQhB;AACA,UAAM3H,CAAO,GATG,KAAA,SAAA2H,GAUhB,KAAK,OAAO;AAAA,EACd;AACF;AAGA,SAASC,EAAWC,GAAyB;AAC3C,QAAMpB,IAAM,IAAI,WAAWoB,EAAI,SAAS,CAAC;AACzC,WAAShF,IAAI,GAAGA,IAAI4D,EAAI,QAAQ5D;AAC9B,IAAA4D,EAAI5D,CAAC,IAAI,SAASgF,EAAI,MAAMhF,IAAI,GAAGA,IAAI,IAAI,CAAC,GAAG,EAAE;AAEnD,SAAO4D;AACT;AAsBO,SAASqB,GAAqBC,GAAwC;AAC3E,QAAM,EAAE,OAAAC,GAAO,oBAAAC,GAAoB,KAAAC,EAAA,IAAQH,GAErCI,IAASC,EAAeH,CAAkB,EAAE,YAAA;AAClD,MAAIE,EAAO,WAAW/F,KAAyB,CAAC/C,EAAO,KAAK8I,CAAM;AAChE,UAAM,IAAIT;AAAA,MACR,+CAA+CS,EAAO,MAAM;AAAA,MAC5D;AAAA,IAAA;AAIJ,QAAME,IAASD,EAAeJ,EAAM,aAAa,EAAE,YAAA;AACnD,MAAIK,EAAO,WAAWjG,KAAyB,CAAC/C,EAAO,KAAKgJ,CAAM;AAChE,UAAM,IAAIX;AAAA,MACR,0CAA0CW,EAAO,MAAM;AAAA,MACvD;AAAA,IAAA;AAIJ,MAAIA,MAAWF;AACb,UAAM,IAAIT;AAAA,MACR,uDAAuDS,CAAM,SAASE,CAAM;AAAA,MAC5E;AAAA,IAAA;AAWJ,MAAI,CAAC,OAAO,cAAcL,EAAM,UAAU;AACxC,UAAM,IAAIN;AAAA,MACR,4CAA4C,KAAK,UAAUM,EAAM,UAAU,CAAC;AAAA,MAC5E;AAAA,IAAA;AAGJ,MAAI,CAAC,OAAO,cAAcE,CAAG;AAC3B,UAAM,IAAIR;AAAA,MACR,qCAAqC,KAAK,UAAUQ,CAAG,CAAC;AAAA,MACxD;AAAA,IAAA;AAGJ,MAAIF,EAAM,cAAcE;AACtB,UAAM,IAAIR;AAAA,MACR,oCAAoCM,EAAM,UAAU,SAASE,CAAG;AAAA,MAChE;AAAA,IAAA;AAIJ,QAAMI,IAAMF,EAAeJ,EAAM,gBAAgB,EAAE,YAAA;AACnD,MAAIM,EAAI,WAAWjG,KAA6B,CAAChD,EAAO,KAAKiJ,CAAG;AAC9D,UAAM,IAAIZ;AAAA,MACR,wDAAwDY,EAAI,MAAM;AAAA,MAClE;AAAA,IAAA;AAGJ,QAAM/I,IAAS+I,EAAI,MAAM,GAAG,CAAC;AAC7B,MAAI/I,MAAW,QAAQA,MAAW;AAChC,UAAM,IAAImI;AAAA,MACR,2DAA2DnI,CAAM;AAAA,MACjE;AAAA,IAAA;AASJ,QAAMgJ,IAAWX,EAAWU,CAAG;AAC/B,MAAI,CAACnD,EAAI,QAAQoD,CAAQ;AACvB,UAAM,IAAIb;AAAA,MACR;AAAA,MACA;AAAA,IAAA;AAIJ,QAAMc,IAAMJ,EAAeJ,EAAM,SAAS,EAAE,YAAA;AAC5C,MAAIQ,EAAI,WAAWC,MAAuB,CAACpJ,EAAO,KAAKmJ,CAAG;AACxD,UAAM,IAAId;AAAA,MACR,8CAA8Cc,EAAI,MAAM;AAAA,MACxD;AAAA,IAAA;AAQJ,QAAME,IAAUzB;AAAA,IACdQ;AAAA,IACAG,EAAWU,CAAG;AAAA,IACdN,EAAM;AAAA,EAAA;AAGR,MAAI,CADa5C,GAAmBsD,GAASd,EAAWS,CAAM,GAAGT,EAAWY,CAAG,CAAC;AAE9E,UAAM,IAAId;AAAA,MACR;AAAA,MACA;AAAA,IAAA;AAGN;AClNO,MAAMiB,yBAA8C,IAAI;AAAA,EAC7D;AAAA,EACA;AAAA,EACA;AACF,CAAC,GCFKC,KAAuB,KAEhBC,IAAqB;AAE3B,SAASC,GACd9E,GACA+E,GACe;AACf,SAAO,IAAI7E,EAAc;AAAA,IACvB,SAAAF;AAAA,IACA,SAAS4E;AAAA,IACT,SAAAG;AAAA,IACA,cAAc,CAACC,MAAWA,MAAWH;AAAA,EAAA,CACtC;AACH;ACgBA,MAAMI,IAAsB,YAOtBC,KAA4B;AAyC3B,MAAMC,GAA+C;AAAA,EAgB1D,YAAYlF,GAA+B;AAXnC;AAAA;AAAA;AAAA;AAAA,IAAApC,EAAA;AACS,IAAAA,EAAA;AACA,IAAAA,EAAA;AACA,IAAAA,EAAA;AACA,IAAAA,EAAA;AACA,IAAAA,EAAA;AACA,IAAAA,EAAA;AAET,IAAAA,EAAA,gBAA6B;AAC7B,IAAAA,EAAA,kBAAwC;AAG9C,SAAK,SAASoC,EAAO,QACrB,KAAK,YAAYA,EAAO,WACxB,KAAK,gBAAgBA,EAAO,eAC5B,KAAK,qBAAqBA,EAAO,oBACjC,KAAK,mBAAmBA,EAAO,kBAC/B,KAAK,kBAAkBA,EAAO,mBAAmBiF,IACjD,KAAK,MAAMjF,EAAO,QAAQ,MAAM,KAAK,MAAM,KAAK,QAAQ,GAAI;AAAA,EAC9D;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAcA,MAAM,SAAS+E,GAAwC;AAErD,QADIA,MAAWH,KACX,CAAC,KAAK,iBAAiB,IAAIG,CAAM,EAAG,QAAO;AAE/C,UAAMI,IAAS,KAAK;AACpB,WAAIA,KAAU,KAAK,IAAA,IAAQ,KAAK,kBAAkBA,EAAO,YAChDA,EAAO,SAGF,MAAM,KAAK,oBAAA,GACZ;AAAA,EACf;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,aAAmB;AACjB,SAAK,SAAS;AAAA,EAKhB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,UAAUC,GAA6B;AACrC,SAAK,SAASA;AAAA,EAChB;AAAA,EAEQ,sBAA4C;AAClD,UAAMC,IAAW,KAAK;AACtB,QAAIA,EAAU,QAAOA;AAErB,UAAM7G,KAAK,YAAY;AACrB,UAAI;AACF,cAAM/C,IAAW,MAAM,KAAK,OAAO,KAGjCmJ,GAAoB;AAAA,UACpB,YAAY,KAAK;AAAA,UACjB,aAAa,KAAK;AAAA,QAAA,CACnB;AAWD,YATAf,GAAqB;AAAA,UACnB,OAAOpI,EAAS;AAAA,UAChB,oBAAoB,KAAK;AAAA,UACzB,KAAK,KAAK,IAAA;AAAA,QAAI,CACf,GAKG,OAAOA,EAAS,SAAU,YAAYA,EAAS,MAAM,WAAW;AAClE,gBAAM,IAAI;AAAA,YACR,sFAAsF,OAAOA,EAAS,KAAK;AAAA,UAAA;AAG/G,cAAMwI,IAAM,KAAK,IAAA;AACjB,YACE,CAAC,OAAO,cAAcxI,EAAS,UAAU,KACzCA,EAAS,cAAcwI,KACvBxI,EAAS,aAAauJ;AAEtB,gBAAM,IAAI;AAAA,YACR,gEAAgE,KAAK,UAAUvJ,EAAS,UAAU,CAAC,gCAAgCwI,CAAG,KAAKe,CAAmB;AAAA,UAAA;AAIlK,cAAMM,IAAqB;AAAA,UACzB,OAAO7J,EAAS;AAAA,UAChB,WAAWA,EAAS;AAAA,QAAA;AAEtB,oBAAK,SAAS6J,GACPA;AAAA,MACT,UAAA;AACE,aAAK,WAAW;AAAA,MAClB;AAAA,IACF,GAAA;AAEA,gBAAK,WAAW9G,GACTA;AAAA,EACT;AACF;AC9LO,MAAM+G,GAAgB;AAAA,EAAtB;AACY,IAAA3H,EAAA,qCAAc,IAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAS/B,YAAYkG,GAA8C;AACxD,UAAMuB,IAAW,KAAK,QAAQ,IAAIvB,EAAM,SAAS;AACjD,QAAIuB,GAAU;AACZ,UAAIA,EAAS,kBAAkBvB,EAAM;AACnC,cAAM,IAAI;AAAA,UACR,8BAA8BA,EAAM,SAAS,mCAAmCuB,EAAS,cAAc,MAAM,GAAG,CAAC,CAAC,UAAUvB,EAAM,cAAc,MAAM,GAAG,CAAC,CAAC;AAAA,QAAA;AAG/J,UAAIuB,EAAS,uBAAuBvB,EAAM;AACxC,cAAM,IAAI;AAAA,UACR,8BAA8BA,EAAM,SAAS,wCAAwCuB,EAAS,mBAAmB,MAAM,GAAG,CAAC,CAAC,UAAUvB,EAAM,mBAAmB,MAAM,GAAG,CAAC,CAAC;AAAA,QAAA;AAM9K,aAAAuB,EAAS,SAAS,UAAUvB,EAAM,MAAM,GACjCuB,EAAS;AAAA,IAClB;AAEA,UAAMG,IAAW,IAAIN,GAAgB;AAAA,MACnC,QAAQpB,EAAM;AAAA,MACd,WAAWA,EAAM;AAAA,MACjB,eAAeA,EAAM;AAAA,MACrB,oBAAoBA,EAAM;AAAA,MAC1B,kBAAkBY;AAAA,IAAA,CACnB;AACD,gBAAK,QAAQ,IAAIZ,EAAM,WAAW;AAAA,MAChC,UAAA0B;AAAA,MACA,eAAe1B,EAAM;AAAA,MACrB,oBAAoBA,EAAM;AAAA,IAAA,CAC3B,GACM0B;AAAA,EACT;AAAA;AAAA,EAGA,KAAKC,GAAgD;;AACnD,YAAOjI,IAAA,KAAK,QAAQ,IAAIiI,CAAS,MAA1B,gBAAAjI,EAA6B;AAAA,EACtC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,QAAQiI,GAAyB;AAC/B,SAAK,QAAQ,OAAOA,CAAS;AAAA,EAC/B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,QAAc;AACZ,SAAK,QAAQ,MAAA;AAAA,EACf;AAAA,EAEA,IAAI,OAAe;AACjB,WAAO,KAAK,QAAQ;AAAA,EACtB;AACF;AAaO,MAAMC,KAAyC,IAAIH,GAAA;AChFnD,SAASI,GACd3F,GACwB;;AACxB,QAAM4F,IAAmBf;AAAA,IACvB7E,EAAO;AAAA,KACPxC,IAAAwC,EAAO,YAAP,gBAAAxC,EAAgB;AAAA,EAAA,GAGZqI,IAAgBH,GAAgB,YAAY;AAAA,IAChD,QAAQE;AAAA,IACR,WAAW5F,EAAO;AAAA,IAClB,eAAeA,EAAO;AAAA,IACtB,oBAAoBA,EAAO;AAAA,EAAA,CAC5B;AAED,SAAO,IAAIF,GAAuBE,EAAO,SAAS;AAAA,IAChD,GAAGA,EAAO;AAAA,IACV,eAAA6F;AAAA,EAAA,CACD;AACH;AC5BO,SAASC,GAAqBhC,GAA+B;AAClE,EAAA4B,GAAgB,YAAY;AAAA,IAC1B,QAAQb,GAAsBf,EAAM,SAASA,EAAM,OAAO;AAAA,IAC1D,WAAWA,EAAM;AAAA,IACjB,eAAeA,EAAM;AAAA,IACrB,oBAAoBA,EAAM;AAAA,EAAA,CAC3B;AACH;ACAA,eAAsBiC,GACpBC,GACAC,GAC4B;AAC5B,QAAM,CAACC,GAAgBC,CAAmB,IAAI,MAAMH,EAAa,UAAU;AAAA,IACzE,WAAW;AAAA,MACT;AAAA,QACE,SAASC;AAAA,QACT,KAAKG;AAAA,QACL,cAAc;AAAA,MAAA;AAAA,MAEhB;AAAA,QACE,SAASH;AAAA,QACT,KAAKG;AAAA,QACL,cAAc;AAAA,MAAA;AAAA,IAChB;AAAA,IAEF,cAAc;AAAA,EAAA,CACf;AAED,SAAO;AAAA,IACL,gBAAAF;AAAA,IACA,qBAAAC;AAAA,EAAA;AAEJ;ACjCA,MAAME,IAAa;AAgCnB,SAASC,EAAkBC,GAAoD;AAC7E,SAAO;AAAA,IACL,gBAAgBA,EAAO;AAAA,IACvB,yBAAyBA,EAAO;AAAA,IAChC,qBAAqB,CAAC,GAAGA,EAAO,mBAAmB;AAAA,IACnD,eAAeA,EAAO;AAAA,IACtB,SAASA,EAAO;AAAA,IAChB,oBAAoBA,EAAO;AAAA,IAC3B,yBAAyBA,EAAO;AAAA,IAChC,oBAAoBA,EAAO;AAAA,IAC3B,SAASA,EAAO;AAAA,IAChB,QAAQA,EAAO;AAAA,IACf,iBAAiBA,EAAO;AAAA,IACxB,sBAAsBA,EAAO;AAAA,IAC7B,kBAAkBA,EAAO;AAAA,EAAA;AAE7B;AAGA,SAASC,EAAaD,GAAyC;AAC7D,SAAO;AAAA,IACL,oBAAoBA,EAAO;AAAA,IAC3B,gBAAgBA,EAAO;AAAA,IACvB,iBAAiBA,EAAO;AAAA,IACxB,wBAAwBA,EAAO;AAAA,IAC/B,oBAAoBA,EAAO;AAAA,EAAA;AAE/B;AAYA,SAASE,EAAoBC,GAAgC;AAC3D,MAAIA,IAAiB,OAAOL,CAAU;AACpC,UAAM,IAAI;AAAA,MACR,wBAAwBK,CAAc,wBAAwBL,CAAU;AAAA,IAAA;AAG5E,SAAO,OAAOK,CAAc;AAC9B;AAWO,MAAMC,GAAyD;AAAA,EACpE,YACUX,GACAY,GACR;AAFQ,SAAA,eAAAZ,GACA,KAAA,kBAAAY;AAAA,EACP;AAAA,EAEH,MAAM,uBAAmD;AACvD,UAAML,IAAU,MAAM,KAAK,aAAa,aAAa;AAAA,MACnD,SAAS,KAAK;AAAA,MACd,KAAKpJ;AAAA,MACL,cAAc;AAAA,IAAA,CACf;AAED,WAAOqJ,EAAaD,CAAM;AAAA,EAC5B;AAAA,EAEA,MAAM,0BAA4D;AAChE,UAAMA,IAAU,MAAM,KAAK,aAAa,aAAa;AAAA,MACnD,SAAS,KAAK;AAAA,MACd,KAAKpJ;AAAA,MACL,cAAc;AAAA,IAAA,CACf;AAED,WAAOmJ,EAAkBC,CAAM;AAAA,EACjC;AAAA,EAEA,MAAM,2BACJM,GACkC;AAClC,UAAMN,IAAU,MAAM,KAAK,aAAa,aAAa;AAAA,MACnD,SAAS,KAAK;AAAA,MACd,KAAKpJ;AAAA,MACL,cAAc;AAAA,MACd,MAAM,CAAC0J,CAAO;AAAA,IAAA,CACf;AAED,WAAOP,EAAkBC,CAAM;AAAA,EACjC;AAAA,EAEA,MAAM,iCAAkD;AAOtD,WANgB,MAAM,KAAK,aAAa,aAAa;AAAA,MACnD,SAAS,KAAK;AAAA,MACd,KAAKpJ;AAAA,MACL,cAAc;AAAA,IAAA,CACf;AAAA,EAGH;AAAA,EAEA,MAAM,0BAA0B0J,GAAkC;AAChE,UAAM3G,IAAS,MAAM,KAAK,2BAA2B2G,CAAO;AAC5D,WAAOJ,EAAoBvG,EAAO,cAAc;AAAA,EAClD;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,wBAAqD;AACzD,UAAM4G,IAAU,MAAM,KAAK,aAAa,UAAU;AAAA,MAChD,WAAW;AAAA,QACT;AAAA,UACE,SAAS,KAAK;AAAA,UACd,KAAK3J;AAAA,UACL,cAAc;AAAA,QAAA;AAAA,QAEhB;AAAA,UACE,SAAS,KAAK;AAAA,UACd,KAAKA;AAAA,UACL,cAAc;AAAA,QAAA;AAAA,MAChB;AAAA,MAEF,cAAc;AAAA,IAAA,CACf,GAEK4J,IAAYP,EAAaM,EAAQ,CAAC,CAAiB,GACnDE,IAAiBV,EAAkBQ,EAAQ,CAAC,CAAsB;AAExE,WAAO;AAAA,MACL,oBAAoBC,EAAU;AAAA,MAC9B,gBAAgBA,EAAU;AAAA,MAC1B,iBAAiBA,EAAU;AAAA,MAC3B,wBAAwBA,EAAU;AAAA,MAClC,oBAAoBA,EAAU;AAAA,MAC9B,eAAeN,EAAoBO,EAAe,cAAc;AAAA,MAChE,gBAAgBA,EAAe;AAAA,MAC/B,oBAAoBA,EAAe;AAAA,MACnC,gBAAAA;AAAA,IAAA;AAAA,EAEJ;AACF;ACtLA,SAASC,EACPV,GACqB;AACrB,SAAOA,EAAO,IAAI,CAACW,OAAU;AAAA,IAC3B,YAAYA,EAAK;AAAA,IACjB,WAAWA,EAAK;AAAA,EAAA,EAChB;AACJ;AAWO,MAAMC,GAAmD;AAAA,EAC9D,YACUnB,GACAY,GACR;AAFQ,SAAA,eAAAZ,GACA,KAAA,kBAAAY;AAAA,EACP;AAAA,EAEH,MAAM,yBACJQ,GACAP,GAC8B;AAC9B,UAAMN,IAAU,MAAM,KAAK,aAAa,aAAa;AAAA,MACnD,SAAS,KAAK;AAAA,MACd,KAAKrJ;AAAA,MACL,cAAc;AAAA,MACd,MAAM,CAACkK,GAAeP,CAAO;AAAA,IAAA,CAC9B;AAED,WAAOI,EAAYV,CAAM;AAAA,EAC3B;AAAA,EAEA,MAAM,uBACJa,GAC8B;AAC9B,UAAMb,IAAU,MAAM,KAAK,aAAa,aAAa;AAAA,MACnD,SAAS,KAAK;AAAA,MACd,KAAKrJ;AAAA,MACL,cAAc;AAAA,MACd,MAAM,CAACkK,CAAa;AAAA,IAAA,CACrB;AAED,WAAOH,EAAYV,CAAM;AAAA,EAC3B;AAAA,EAEA,MAAM,8BACJa,GACiB;AAQjB,WAPgB,MAAM,KAAK,aAAa,aAAa;AAAA,MACnD,SAAS,KAAK;AAAA,MACd,KAAKlK;AAAA,MACL,cAAc;AAAA,MACd,MAAM,CAACkK,CAAa;AAAA,IAAA,CACrB;AAAA,EAGH;AACF;AAWO,MAAMC,GAAmE;AAAA,EAC9E,YACUrB,GACAY,GACR;AAFQ,SAAA,eAAAZ,GACA,KAAA,kBAAAY;AAAA,EACP;AAAA,EAEH,MAAM,iCACJC,GAC8B;AAC9B,UAAMN,IAAU,MAAM,KAAK,aAAa,aAAa;AAAA,MACnD,SAAS,KAAK;AAAA,MACd,KAAKpJ;AAAA,MACL,cAAc;AAAA,MACd,MAAM,CAAC0J,CAAO;AAAA,IAAA,CACf;AAED,WAAOI,EAAYV,CAAM;AAAA,EAC3B;AAAA,EAEA,MAAM,iCAA+D;AACnE,UAAMA,IAAU,MAAM,KAAK,aAAa,aAAa;AAAA,MACnD,SAAS,KAAK;AAAA,MACd,KAAKpJ;AAAA,MACL,cAAc;AAAA,IAAA,CACf;AAED,WAAO8J,EAAYV,CAAM;AAAA,EAC3B;AAAA,EAEA,MAAM,uCAAwD;AAO5D,WANgB,MAAM,KAAK,aAAa,aAAa;AAAA,MACnD,SAAS,KAAK;AAAA,MACd,KAAKpJ;AAAA,MACL,cAAc;AAAA,IAAA,CACf;AAAA,EAGH;AACF;ACrGO,MAAMmK,GAAuD;AAAA,EAClE,YACUtB,GACAY,GACR;AAFQ,SAAA,eAAAZ,GACA,KAAA,kBAAAY;AAAA,EACP;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQH,MAAM,0BACJW,GAC2B;AAO3B,UAAMC,KANU,MAAM,KAAK,aAAa,aAAa;AAAA,MACnD,SAAS,KAAK;AAAA,MACd,KAAKpB;AAAA,MACL,cAAc;AAAA,MACd,MAAM,CAACmB,CAAS;AAAA,IAAA,CACjB,GACsB,YAAA;AACvB,QAAI,CAAC,mBAAmB,KAAKC,CAAO;AAClC,YAAM,IAAI;AAAA,QACR,2DAA2DD,CAAS,YAAYC,EAAQ,MAAM,aAAaA,EAAQ,MAAM,GAAG,CAAC,CAAC;AAAA,MAAA;AAGlI,UAAMC,IAAWD,EAAQ,MAAM,CAAC;AAChC,QAAI,CAACtG,EAAI,aAAawG,GAAgBD,CAAQ,CAAC;AAC7C,YAAM,IAAI;AAAA,QACR,kFAAkFF,CAAS;AAAA,MAAA;AAG/F,WAAOE;AAAA,EACT;AAAA,EAEA,MAAM,kBAAkBE,GAAuC;AAC7D,UAAMpB,IAAU,MAAM,KAAK,aAAa,aAAa;AAAA,MACnD,SAAS,KAAK;AAAA,MACd,KAAKH;AAAA,MACL,cAAc;AAAA,MACd,MAAM,CAACuB,CAAO;AAAA,IAAA,CACf;AAUD,WAAO;AAAA,MACL,WAAWpB,EAAO;AAAA,MAClB,oBAAoBA,EAAO;AAAA,MAC3B,QAAQA,EAAO;AAAA,MACf,eAAeA,EAAO;AAAA,MACtB,QAAQA,EAAO;AAAA,MACf,uBAAuBA,EAAO;AAAA,MAC9B,WAAWA,EAAO;AAAA,IAAA;AAAA,EAEtB;AAAA,EAEA,MAAM,qBAAqBoB,GAA0C;AACnE,UAAMpB,IAAU,MAAM,KAAK,aAAa,aAAa;AAAA,MACnD,SAAS,KAAK;AAAA,MACd,KAAKH;AAAA,MACL,cAAc;AAAA,MACd,MAAM,CAACuB,CAAO;AAAA,IAAA,CACf;AAcD,WAAO;AAAA,MACL,wBAAwBpB,EAAO;AAAA,MAC/B,6BAA6BA,EAAO;AAAA,MACpC,wBAAwBA,EAAO;AAAA,MAC/B,uBAAuBA,EAAO;AAAA,MAC9B,YAAYA,EAAO;AAAA,MACnB,qBAAqBA,EAAO;AAAA,MAC5B,UAAUA,EAAO;AAAA,MACjB,UAAUA,EAAO;AAAA,MACjB,uBAAuBA,EAAO;AAAA,MAC9B,gBAAgBA,EAAO;AAAA,MACvB,4BAA4BA,EAAO;AAAA,IAAA;AAAA,EAEvC;AAAA,EAEA,MAAM,aAAaoB,GAAkC;AACnD,UAAM,CAACC,GAAOC,CAAQ,IAAI,MAAM,QAAQ,IAAI;AAAA,MAC1C,KAAK,kBAAkBF,CAAO;AAAA,MAC9B,KAAK,qBAAqBA,CAAO;AAAA,IAAA,CAClC;AAED,QACE,CAACE,EAAS,0BACVA,EAAS,2BAA2B;AAEpC,YAAM,IAAI;AAAA,QACR,SAASF,CAAO;AAAA,MAAA;AAIpB,WAAO,EAAE,OAAAC,GAAO,UAAAC,EAAA;AAAA,EAClB;AACF;"}
1
+ {"version":3,"file":"vault-registry-reader-CWGbw_wZ.js","sources":["../src/tbv/core/clients/mempool/mempoolApi.ts","../src/tbv/core/contracts/abis/ApplicationRegistry.abi.ts","../src/tbv/core/contracts/abis/ProtocolParams.abi.ts","../src/tbv/core/clients/vault-provider/validators.ts","../src/tbv/core/clients/vault-provider/api.ts","../src/tbv/core/clients/vault-provider/auth/bip322Verify.ts","../src/tbv/core/clients/vault-provider/auth/cbor.ts","../src/tbv/core/clients/vault-provider/auth/serverIdentity.ts","../src/tbv/core/clients/vault-provider/auth/gatedMethods.ts","../src/tbv/core/clients/vault-provider/auth/innerTokenClient.ts","../src/tbv/core/clients/vault-provider/auth/tokenProvider.ts","../src/tbv/core/clients/vault-provider/auth/tokenRegistry.ts","../src/tbv/core/clients/vault-provider/auth/createAuthenticatedVpClient.ts","../src/tbv/core/clients/vault-provider/auth/primeVpAuth.ts","../src/tbv/core/clients/eth/contract-address-resolver.ts","../src/tbv/core/clients/eth/protocol-params-reader.ts","../src/tbv/core/clients/eth/signer-set-reader.ts","../src/tbv/core/clients/eth/vault-registry-reader.ts"],"sourcesContent":["/**\n * Mempool API Client\n *\n * Client for interacting with mempool.space API for Bitcoin network operations.\n * Used for broadcasting transactions and fetching UTXO data.\n *\n * @module clients/mempool/mempoolApi\n */\n\nimport {\n BITCOIN_ADDRESS_RE,\n HEX_RE,\n KNOWN_SCRIPT_PREFIXES,\n TXID_RE,\n} from \"../../utils/validation\";\n\nimport type { MempoolUTXO, NetworkFees, TxInfo, UtxoInfo } from \"./types\";\n\n/** Maximum valid satoshi value: 21 million BTC × 10^8 sats/BTC */\nconst MAX_SATOSHIS = 21_000_000 * 1e8;\n\n/** Timeout for mempool API requests — prevents indefinite hangs from stalled endpoints */\nconst MEMPOOL_REQUEST_TIMEOUT_MS = 30_000;\n\n/**\n * Fetch wrapper with AbortController-based timeout.\n * Ensures all mempool API requests fail bounded rather than hanging indefinitely.\n */\nasync function fetchWithTimeout(\n url: string,\n options?: RequestInit,\n): Promise<Response> {\n const controller = new AbortController();\n const timeoutId = setTimeout(\n () => controller.abort(),\n MEMPOOL_REQUEST_TIMEOUT_MS,\n );\n\n // Compose timeout signal with any caller-supplied signal so both can cancel\n const signals = [controller.signal, options?.signal].filter(\n Boolean,\n ) as AbortSignal[];\n\n try {\n // Don't clear timeout here — let it cover body consumption by callers\n return await fetch(url, {\n ...options,\n signal: AbortSignal.any(signals),\n });\n } catch (error) {\n clearTimeout(timeoutId);\n if (\n error != null &&\n typeof error === \"object\" &&\n \"name\" in error &&\n error.name === \"AbortError\"\n ) {\n throw new Error(\n `Mempool API request timed out after ${MEMPOOL_REQUEST_TIMEOUT_MS}ms: ${url}`,\n );\n }\n throw error;\n }\n}\n\n/**\n * Maximum sane fee rate in sat/vByte.\n * The April 2024 Runes spike peaked around 1,805 sat/vB — 10,000 provides ample headroom.\n */\nconst MAX_FEE_RATE = 10_000;\n\nfunction isValidSatoshiValue(value: number): boolean {\n return Number.isInteger(value) && value > 0 && value <= MAX_SATOSHIS;\n}\n\nfunction isValidFeeRate(value: number): boolean {\n return Number.isInteger(value) && value > 0 && value <= MAX_FEE_RATE;\n}\n\nfunction isValidVout(vout: number, outputCount?: number): boolean {\n if (!Number.isInteger(vout) || vout < 0) return false;\n return outputCount === undefined || vout < outputCount;\n}\n\n\nfunction assertValidTxid(txid: string): void {\n if (!TXID_RE.test(txid)) {\n throw new Error(`Invalid transaction ID format: ${txid}`);\n }\n}\n\nfunction assertValidAddress(address: string): void {\n if (!BITCOIN_ADDRESS_RE.test(address)) {\n throw new Error(`Invalid Bitcoin address format: ${address}`);\n }\n}\n\nfunction assertValidScriptPubKey(scriptPubKey: string, context: string): void {\n if (!HEX_RE.test(scriptPubKey)) {\n throw new Error(\n `Invalid scriptPubKey: not valid hex for ${context}`,\n );\n }\n const matchesKnownType = KNOWN_SCRIPT_PREFIXES.some((prefix) =>\n scriptPubKey.toLowerCase().startsWith(prefix),\n );\n if (!matchesKnownType) {\n throw new Error(\n `Unrecognized scriptPubKey type for ${context}: ` +\n `prefix ${scriptPubKey.slice(0, 6)} does not match any known Bitcoin script type`,\n );\n }\n}\n\n/**\n * Default mempool API URLs by network.\n */\nexport const MEMPOOL_API_URLS = {\n mainnet: \"https://mempool.space/api\",\n testnet: \"https://mempool.space/testnet/api\",\n signet: \"https://mempool.space/signet/api\",\n} as const;\n\n/**\n * Fetch wrapper with error handling.\n */\nasync function fetchApi<T>(\n url: string,\n options?: RequestInit,\n): Promise<T> {\n try {\n const response = await fetchWithTimeout(url, options);\n\n if (!response.ok) {\n const errorText = await response.text();\n throw new Error(\n `Mempool API error (${response.status}): ${errorText || response.statusText}`,\n );\n }\n\n const contentType = response.headers.get(\"content-type\");\n if (contentType?.includes(\"application/json\")) {\n return (await response.json()) as T;\n } else {\n return (await response.text()) as T;\n }\n } catch (error) {\n if (error instanceof Error) {\n throw new Error(`Failed to fetch from mempool API: ${error.message}`);\n }\n throw new Error(\"Failed to fetch from mempool API: Unknown error\");\n }\n}\n\n/**\n * Push a signed transaction to the Bitcoin network.\n *\n * @param txHex - The signed transaction hex string\n * @param apiUrl - Mempool API base URL\n * @returns The transaction ID\n * @throws Error if broadcasting fails\n */\nexport async function pushTx(txHex: string, apiUrl: string): Promise<string> {\n try {\n const response = await fetchWithTimeout(`${apiUrl}/tx`, {\n method: \"POST\",\n body: txHex,\n headers: {\n \"Content-Type\": \"text/plain\",\n },\n });\n\n if (!response.ok) {\n const errorText = await response.text();\n // Try to extract error message from response using robust JSON parsing\n let message: string | undefined;\n try {\n const errorJson = JSON.parse(errorText);\n message = errorJson.message;\n } catch {\n // Not JSON, use raw text\n message = errorText;\n }\n throw new Error(\n message || `Failed to broadcast transaction: ${response.statusText}`,\n );\n }\n\n // Response is the transaction ID (plain text)\n const txId = await response.text();\n return txId;\n } catch (error) {\n if (error instanceof Error) {\n throw new Error(`Failed to broadcast BTC transaction: ${error.message}`);\n }\n throw new Error(\"Failed to broadcast BTC transaction: Unknown error\");\n }\n}\n\n/**\n * Get transaction information from mempool.\n *\n * @param txid - The transaction ID\n * @param apiUrl - Mempool API base URL\n * @returns Transaction information\n */\nexport async function getTxInfo(txid: string, apiUrl: string): Promise<TxInfo> {\n assertValidTxid(txid);\n return fetchApi<TxInfo>(`${apiUrl}/tx/${txid}`);\n}\n\n/**\n * Get the hex representation of a transaction.\n *\n * @param txid - The transaction ID\n * @param apiUrl - Mempool API base URL\n * @returns The transaction hex string\n * @throws Error if the request fails or transaction is not found\n */\nexport async function getTxHex(txid: string, apiUrl: string): Promise<string> {\n assertValidTxid(txid);\n try {\n const response = await fetchWithTimeout(`${apiUrl}/tx/${txid}/hex`);\n\n if (!response.ok) {\n const errorText = await response.text();\n throw new Error(\n `Mempool API error (${response.status}): ${errorText || response.statusText}`,\n );\n }\n\n return await response.text();\n } catch (error) {\n if (error instanceof Error) {\n throw new Error(`Failed to get transaction hex for ${txid}: ${error.message}`);\n }\n throw new Error(`Failed to get transaction hex for ${txid}: Unknown error`);\n }\n}\n\n/**\n * Get UTXO information for a specific transaction output.\n *\n * This is used for constructing PSBTs where we need the witnessUtxo data.\n * Only supports Taproot (P2TR) and native SegWit (P2WPKH, P2WSH) script types.\n *\n * @param txid - The transaction ID containing the UTXO\n * @param vout - The output index\n * @param apiUrl - Mempool API base URL\n * @returns UTXO information with value and scriptPubKey\n */\nexport async function getUtxoInfo(\n txid: string,\n vout: number,\n apiUrl: string,\n): Promise<UtxoInfo> {\n assertValidTxid(txid);\n const txInfo = await getTxInfo(txid, apiUrl);\n\n if (!isValidVout(vout, txInfo.vout.length)) {\n throw new Error(\n `Invalid vout ${vout} for transaction ${txid} (has ${txInfo.vout.length} outputs)`,\n );\n }\n\n const output = txInfo.vout[vout];\n if (!isValidSatoshiValue(output.value)) {\n throw new Error(`Invalid UTXO value ${output.value} for ${txid}:${vout}`);\n }\n assertValidScriptPubKey(output.scriptpubkey, `${txid}:${vout}`);\n\n return {\n txid,\n vout,\n value: output.value,\n scriptPubKey: output.scriptpubkey,\n };\n}\n\n/**\n * Get all UTXOs for a Bitcoin address.\n *\n * @param address - The Bitcoin address\n * @param apiUrl - Mempool API base URL\n * @returns Array of UTXOs sorted by value (largest first)\n */\nexport async function getAddressUtxos(\n address: string,\n apiUrl: string,\n): Promise<MempoolUTXO[]> {\n assertValidAddress(address);\n try {\n // Fetch UTXOs for the address\n const utxos = await fetchApi<\n {\n txid: string;\n vout: number;\n value: number;\n status: {\n confirmed: boolean;\n };\n }[]\n >(`${apiUrl}/address/${address}/utxo`);\n\n // Fetch scriptPubKey for the address\n const addressInfo = await fetchApi<{\n isvalid: boolean;\n scriptPubKey: string;\n }>(`${apiUrl}/v1/validate-address/${address}`);\n\n if (!addressInfo.isvalid) {\n throw new Error(\n `Invalid Bitcoin address: ${address}. Mempool API validation failed.`,\n );\n }\n assertValidScriptPubKey(addressInfo.scriptPubKey, address);\n\n // Validate UTXO fields from the listing endpoint.\n // Per-UTXO cross-verification against /tx/{txid} is intentionally NOT done\n // here — it would be expensive (N API calls) and redundant: the broadcast\n // path already verifies each selected input via getUtxoInfo before signing.\n // Both endpoints come from the same mempool API, so cross-checking one\n // against the other on the same server does not add real security.\n for (const utxo of utxos) {\n assertValidTxid(utxo.txid);\n if (!isValidVout(utxo.vout)) {\n throw new Error(`Invalid vout ${utxo.vout} for ${utxo.txid}`);\n }\n if (!isValidSatoshiValue(utxo.value)) {\n throw new Error(\n `Invalid UTXO value ${utxo.value} for ${utxo.txid}:${utxo.vout}`,\n );\n }\n }\n\n // Sort by value (largest first) and map to our UTXO format\n const sortedUTXOs = utxos.sort((a, b) => b.value - a.value);\n\n return sortedUTXOs.map((utxo) => ({\n txid: utxo.txid,\n vout: utxo.vout,\n value: utxo.value,\n scriptPubKey: addressInfo.scriptPubKey,\n confirmed: utxo.status.confirmed,\n }));\n } catch (error) {\n if (error instanceof Error) {\n throw new Error(\n `Failed to get UTXOs for address ${address}: ${error.message}`,\n );\n }\n throw new Error(\n `Failed to get UTXOs for address ${address}: Unknown error`,\n );\n }\n}\n\n/**\n * Get the mempool API URL for a given network.\n *\n * @param network - Bitcoin network (mainnet, testnet, signet)\n * @returns The mempool API URL\n */\nexport function getMempoolApiUrl(\n network: \"mainnet\" | \"testnet\" | \"signet\",\n): string {\n return MEMPOOL_API_URLS[network];\n}\n\n/**\n * Transaction summary from address transactions endpoint.\n */\nexport interface AddressTx {\n txid: string;\n status: {\n confirmed: boolean;\n block_height?: number;\n };\n}\n\n/**\n * Get recent transactions for a Bitcoin address.\n *\n * Returns the last 25 confirmed transactions plus any unconfirmed (mempool) transactions.\n * This is useful for checking if a specific transaction has been broadcast.\n *\n * @param address - The Bitcoin address\n * @param apiUrl - Mempool API base URL\n * @returns Array of recent transactions\n */\nexport async function getAddressTxs(\n address: string,\n apiUrl: string,\n): Promise<AddressTx[]> {\n assertValidAddress(address);\n return fetchApi<AddressTx[]>(`${apiUrl}/address/${address}/txs`);\n}\n\n/**\n * Fetches Bitcoin network fee recommendations from mempool.space API.\n *\n * @param apiUrl - Mempool API base URL\n * @returns Fee rates in sat/vbyte for different confirmation times\n * @throws Error if request fails or returns invalid data\n *\n * @see https://mempool.space/docs/api/rest#get-recommended-fees\n */\nexport async function getNetworkFees(apiUrl: string): Promise<NetworkFees> {\n const response = await fetchWithTimeout(`${apiUrl}/v1/fees/recommended`);\n\n if (!response.ok) {\n throw new Error(\n `Failed to fetch network fees: ${response.status} ${response.statusText}`,\n );\n }\n\n const data = await response.json();\n\n const feeFields = [\n \"fastestFee\",\n \"halfHourFee\",\n \"hourFee\",\n \"economyFee\",\n \"minimumFee\",\n ] as const;\n\n for (const field of feeFields) {\n if (!isValidFeeRate(data[field])) {\n throw new Error(\n `Invalid fee rate ${field}=${data[field]} from mempool API: expected a positive number ≤ ${MAX_FEE_RATE}`,\n );\n }\n }\n\n if (\n data.minimumFee > data.economyFee ||\n data.economyFee > data.hourFee ||\n data.hourFee > data.halfHourFee ||\n data.halfHourFee > data.fastestFee\n ) {\n throw new Error(\n `Fee rate ordering violation from mempool API: expected ` +\n `minimumFee (${data.minimumFee}) <= economyFee (${data.economyFee}) <= ` +\n `hourFee (${data.hourFee}) <= halfHourFee (${data.halfHourFee}) <= ` +\n `fastestFee (${data.fastestFee}).`,\n );\n }\n\n return data as NetworkFees;\n}\n\n","/**\n * ApplicationRegistry Contract ABI\n *\n * Minimal ABI containing only the vault keeper read functions needed by the SDK.\n * Generated from vault-contracts-aave-v4 IApplicationRegistry.sol interface.\n *\n * @module contracts/abis/ApplicationRegistry\n */\n\nexport const ApplicationRegistryABI = [\n {\n type: \"function\",\n name: \"getVaultKeepersByVersion\",\n inputs: [\n {\n name: \"appEntryPoint\",\n type: \"address\",\n internalType: \"address\",\n },\n {\n name: \"versionNumber\",\n type: \"uint16\",\n internalType: \"uint16\",\n },\n ],\n outputs: [\n {\n name: \"\",\n type: \"tuple[]\",\n internalType: \"struct BTCVaultTypes.AddressBTCKeyPair[]\",\n components: [\n {\n name: \"ethAddress\",\n type: \"address\",\n internalType: \"address\",\n },\n {\n name: \"btcPubKey\",\n type: \"bytes32\",\n internalType: \"bytes32\",\n },\n ],\n },\n ],\n stateMutability: \"view\",\n },\n {\n type: \"function\",\n name: \"getCurrentVaultKeepers\",\n inputs: [\n {\n name: \"appEntryPoint\",\n type: \"address\",\n internalType: \"address\",\n },\n ],\n outputs: [\n {\n name: \"\",\n type: \"tuple[]\",\n internalType: \"struct BTCVaultTypes.AddressBTCKeyPair[]\",\n components: [\n {\n name: \"ethAddress\",\n type: \"address\",\n internalType: \"address\",\n },\n {\n name: \"btcPubKey\",\n type: \"bytes32\",\n internalType: \"bytes32\",\n },\n ],\n },\n ],\n stateMutability: \"view\",\n },\n {\n type: \"function\",\n name: \"getCurrentVaultKeepersVersion\",\n inputs: [\n {\n name: \"appEntryPoint\",\n type: \"address\",\n internalType: \"address\",\n },\n ],\n outputs: [\n {\n name: \"\",\n type: \"uint16\",\n internalType: \"uint16\",\n },\n ],\n stateMutability: \"view\",\n },\n] as const;\n","/**\n * ProtocolParams Contract ABI\n *\n * Minimal ABI containing only the read functions needed by the SDK.\n * Generated from vault-contracts-aave-v4 IProtocolParams.sol interface.\n *\n * @module contracts/abis/ProtocolParams\n */\n\nexport const ProtocolParamsABI = [\n {\n type: \"function\",\n name: \"getTBVProtocolParams\",\n inputs: [],\n outputs: [\n {\n name: \"\",\n type: \"tuple\",\n internalType: \"struct IProtocolParams.TBVProtocolParams\",\n components: [\n {\n name: \"minimumPegInAmount\",\n type: \"uint64\",\n internalType: \"uint64\",\n },\n {\n name: \"maxPegInAmount\",\n type: \"uint64\",\n internalType: \"uint64\",\n },\n {\n name: \"pegInAckTimeout\",\n type: \"uint64\",\n internalType: \"uint64\",\n },\n {\n name: \"pegInActivationTimeout\",\n type: \"uint64\",\n internalType: \"uint64\",\n },\n {\n name: \"maxHtlcOutputCount\",\n type: \"uint8\",\n internalType: \"uint8\",\n },\n ],\n },\n ],\n stateMutability: \"view\",\n },\n {\n type: \"function\",\n name: \"getLatestOffchainParams\",\n inputs: [],\n outputs: [\n {\n name: \"\",\n type: \"tuple\",\n internalType: \"struct IProtocolParams.VersionedOffchainParams\",\n components: [\n {\n name: \"timelockAssert\",\n type: \"uint256\",\n internalType: \"uint256\",\n },\n {\n name: \"timelockChallengeAssert\",\n type: \"uint256\",\n internalType: \"uint256\",\n },\n {\n name: \"securityCouncilKeys\",\n type: \"bytes32[]\",\n internalType: \"bytes32[]\",\n },\n {\n name: \"councilQuorum\",\n type: \"uint8\",\n internalType: \"uint8\",\n },\n {\n name: \"feeRate\",\n type: \"uint64\",\n internalType: \"uint64\",\n },\n {\n name: \"babeTotalInstances\",\n type: \"uint16\",\n internalType: \"uint16\",\n },\n {\n name: \"babeInstancesToFinalize\",\n type: \"uint8\",\n internalType: \"uint8\",\n },\n {\n name: \"minVpCommissionBps\",\n type: \"uint16\",\n internalType: \"uint16\",\n },\n {\n name: \"tRefund\",\n type: \"uint32\",\n internalType: \"uint32\",\n },\n {\n name: \"tStale\",\n type: \"uint32\",\n internalType: \"uint32\",\n },\n {\n name: \"minPeginFeeRate\",\n type: \"uint64\",\n internalType: \"uint64\",\n },\n {\n name: \"proverProgramVersion\",\n type: \"uint16\",\n internalType: \"uint16\",\n },\n {\n name: \"minPrepeginDepth\",\n type: \"uint32\",\n internalType: \"uint32\",\n },\n ],\n },\n ],\n stateMutability: \"view\",\n },\n {\n type: \"function\",\n name: \"getOffchainParamsByVersion\",\n inputs: [\n {\n name: \"versionNumber\",\n type: \"uint16\",\n internalType: \"uint16\",\n },\n ],\n outputs: [\n {\n name: \"\",\n type: \"tuple\",\n internalType: \"struct IProtocolParams.VersionedOffchainParams\",\n components: [\n {\n name: \"timelockAssert\",\n type: \"uint256\",\n internalType: \"uint256\",\n },\n {\n name: \"timelockChallengeAssert\",\n type: \"uint256\",\n internalType: \"uint256\",\n },\n {\n name: \"securityCouncilKeys\",\n type: \"bytes32[]\",\n internalType: \"bytes32[]\",\n },\n {\n name: \"councilQuorum\",\n type: \"uint8\",\n internalType: \"uint8\",\n },\n {\n name: \"feeRate\",\n type: \"uint64\",\n internalType: \"uint64\",\n },\n {\n name: \"babeTotalInstances\",\n type: \"uint16\",\n internalType: \"uint16\",\n },\n {\n name: \"babeInstancesToFinalize\",\n type: \"uint8\",\n internalType: \"uint8\",\n },\n {\n name: \"minVpCommissionBps\",\n type: \"uint16\",\n internalType: \"uint16\",\n },\n {\n name: \"tRefund\",\n type: \"uint32\",\n internalType: \"uint32\",\n },\n {\n name: \"tStale\",\n type: \"uint32\",\n internalType: \"uint32\",\n },\n {\n name: \"minPeginFeeRate\",\n type: \"uint64\",\n internalType: \"uint64\",\n },\n {\n name: \"proverProgramVersion\",\n type: \"uint16\",\n internalType: \"uint16\",\n },\n {\n name: \"minPrepeginDepth\",\n type: \"uint32\",\n internalType: \"uint32\",\n },\n ],\n },\n ],\n stateMutability: \"view\",\n },\n {\n type: \"function\",\n name: \"latestOffchainParamsVersion\",\n inputs: [],\n outputs: [\n {\n name: \"\",\n type: \"uint16\",\n internalType: \"uint16\",\n },\n ],\n stateMutability: \"view\",\n },\n {\n type: \"function\",\n name: \"getUniversalChallengersByVersion\",\n inputs: [\n {\n name: \"versionNumber\",\n type: \"uint16\",\n internalType: \"uint16\",\n },\n ],\n outputs: [\n {\n name: \"\",\n type: \"tuple[]\",\n internalType: \"struct BTCVaultTypes.AddressBTCKeyPair[]\",\n components: [\n {\n name: \"ethAddress\",\n type: \"address\",\n internalType: \"address\",\n },\n {\n name: \"btcPubKey\",\n type: \"bytes32\",\n internalType: \"bytes32\",\n },\n ],\n },\n ],\n stateMutability: \"view\",\n },\n {\n type: \"function\",\n name: \"getCurrentUniversalChallengers\",\n inputs: [],\n outputs: [\n {\n name: \"\",\n type: \"tuple[]\",\n internalType: \"struct BTCVaultTypes.AddressBTCKeyPair[]\",\n components: [\n {\n name: \"ethAddress\",\n type: \"address\",\n internalType: \"address\",\n },\n {\n name: \"btcPubKey\",\n type: \"bytes32\",\n internalType: \"bytes32\",\n },\n ],\n },\n ],\n stateMutability: \"view\",\n },\n {\n type: \"function\",\n name: \"latestUniversalChallengersVersion\",\n inputs: [],\n outputs: [\n {\n name: \"\",\n type: \"uint16\",\n internalType: \"uint16\",\n },\n ],\n stateMutability: \"view\",\n },\n] as const;\n","/**\n * Runtime validation for vault provider RPC responses.\n *\n * All VP RPC methods return untyped JSON that TypeScript generics cast without\n * inspection. These validators check the critical top-level fields and\n * security-relevant values (status, txids, pubkeys). Optional progress\n * sub-fields (gc_data, ack_collection, claimer_graphs) are NOT validated\n * since they are informational and not used for signing or transaction\n * construction. Only `progress.presigning` sub-fields are checked.\n */\n\nimport {\n COMPRESSED_PUBKEY_HEX_LEN,\n X_ONLY_PUBKEY_HEX_LEN,\n} from \"../../primitives/utils/bitcoin\";\nimport { HEX_RE } from \"../../utils/validation\";\n\nimport { DaemonStatus } from \"./types\";\nimport type {\n GetPeginStatusResponse,\n GetPegoutStatusResponse,\n RequestDepositorClaimerArtifactsResponse,\n RequestDepositorPresignTransactionsResponse,\n} from \"./types\";\n\nconst DAEMON_STATUS_VALUES = new Set<string>(Object.values(DaemonStatus));\n\nconst VP_ERROR_PREVIEW_MAX_LEN = 200;\n\nfunction preview(value: unknown): string {\n return (\n JSON.stringify(value)?.slice(0, VP_ERROR_PREVIEW_MAX_LEN) ?? \"undefined\"\n );\n}\n\nconst VP_VALIDATION_USER_MESSAGE =\n \"The vault provider returned an unexpected response. Please try again or contact support.\";\n\n/**\n * Thrown when a VP RPC response fails runtime validation.\n *\n * `.message` is a user-facing string safe to display in the UI.\n * `.detail` contains the technical reason, suitable for logging.\n */\nexport class VpResponseValidationError extends Error {\n readonly detail: string;\n\n constructor(detail: string) {\n super(VP_VALIDATION_USER_MESSAGE);\n this.name = \"VpResponseValidationError\";\n this.detail = detail;\n }\n}\n\n/** Expected length (in hex chars) of a Bitcoin transaction ID (32 bytes). */\nconst TXID_HEX_LEN = 64;\n\nfunction isNonEmptyHex(value: unknown): value is string {\n return typeof value === \"string\" && value.length > 0 && HEX_RE.test(value);\n}\n\nfunction isNonEmptyString(value: unknown): value is string {\n return typeof value === \"string\" && value.length > 0;\n}\n\nfunction assertNonEmptyHex(value: unknown, field: string): void {\n if (!isNonEmptyHex(value)) {\n throw new VpResponseValidationError(\n `VP response validation failed: \"${field}\" must be a non-empty hex string, got ${preview(value)}`,\n );\n }\n}\n\nfunction assertNonEmptyString(value: unknown, field: string): void {\n if (!isNonEmptyString(value)) {\n throw new VpResponseValidationError(\n `VP response validation failed: \"${field}\" must be a non-empty string, got ${preview(value)}`,\n );\n }\n}\n\n/**\n * Accept both x-only (64-char) and compressed (66-char) pubkeys from VP responses.\n * The signing code normalizes to x-only via processPublicKeyToXOnly().\n */\nfunction assertBtcPubkey(value: unknown, field: string): void {\n if (\n !isNonEmptyHex(value) ||\n (value.length !== X_ONLY_PUBKEY_HEX_LEN &&\n value.length !== COMPRESSED_PUBKEY_HEX_LEN)\n ) {\n throw new VpResponseValidationError(\n `VP response validation failed: \"${field}\" must be a ${X_ONLY_PUBKEY_HEX_LEN} or ${COMPRESSED_PUBKEY_HEX_LEN}-char hex string (BTC pubkey), got ${preview(value)}`,\n );\n }\n}\n\n/**\n * Validate the optional presigning progress fields returned inside PeginProgressDetails.\n */\nfunction validatePresigningProgressFields(\n progress: Record<string, unknown>,\n): void {\n const presigning = progress.presigning;\n if (presigning === undefined || presigning === null) return;\n if (typeof presigning !== \"object\" || Array.isArray(presigning)) {\n throw new VpResponseValidationError(\n `VP response validation failed: \"progress.presigning\" must be an object if present`,\n );\n }\n\n const p = presigning as Record<string, unknown>;\n\n if (\n p.depositor_graph_created !== undefined &&\n typeof p.depositor_graph_created !== \"boolean\"\n ) {\n throw new VpResponseValidationError(\n `VP response validation failed: \"progress.presigning.depositor_graph_created\" must be a boolean if present, got ${preview(p.depositor_graph_created)}`,\n );\n }\n\n if (\n p.vk_challenger_presigning_completed !== undefined &&\n typeof p.vk_challenger_presigning_completed !== \"number\"\n ) {\n throw new VpResponseValidationError(\n `VP response validation failed: \"progress.presigning.vk_challenger_presigning_completed\" must be a number if present, got ${preview(p.vk_challenger_presigning_completed)}`,\n );\n }\n\n if (\n p.vk_challenger_presigning_total !== undefined &&\n typeof p.vk_challenger_presigning_total !== \"number\"\n ) {\n throw new VpResponseValidationError(\n `VP response validation failed: \"progress.presigning.vk_challenger_presigning_total\" must be a number if present, got ${preview(p.vk_challenger_presigning_total)}`,\n );\n }\n}\n\n/**\n * Validate a getPeginStatus response.\n *\n * Throws if the status field is not a recognized DaemonStatus value.\n */\nexport function validateGetPeginStatusResponse(\n response: unknown,\n): asserts response is GetPeginStatusResponse {\n if (response === null || typeof response !== \"object\") {\n throw new VpResponseValidationError(\n `VP response validation failed: getPeginStatus response is not an object`,\n );\n }\n\n const r = response as Record<string, unknown>;\n\n if (!isNonEmptyHex(r.pegin_txid) || r.pegin_txid.length !== TXID_HEX_LEN) {\n throw new VpResponseValidationError(\n `VP response validation failed: \"pegin_txid\" must be a ${TXID_HEX_LEN}-char hex string (txid), got ${preview(r.pegin_txid)}`,\n );\n }\n\n if (typeof r.status !== \"string\") {\n throw new VpResponseValidationError(\n `VP response validation failed: \"status\" must be a string`,\n );\n }\n\n if (!DAEMON_STATUS_VALUES.has(r.status)) {\n throw new VpResponseValidationError(\n `VP response validation failed: unrecognized status \"${r.status}\". Expected one of: ${[...DAEMON_STATUS_VALUES].join(\", \")}`,\n );\n }\n\n if (\n r.progress === null ||\n typeof r.progress !== \"object\" ||\n Array.isArray(r.progress)\n ) {\n throw new VpResponseValidationError(\n `VP response validation failed: \"progress\" must be an object`,\n );\n }\n\n validatePresigningProgressFields(r.progress as Record<string, unknown>);\n\n if (typeof r.health_info !== \"string\") {\n throw new VpResponseValidationError(\n `VP response validation failed: \"health_info\" must be a string`,\n );\n }\n\n if (r.last_error !== undefined && typeof r.last_error !== \"string\") {\n throw new VpResponseValidationError(\n `VP response validation failed: \"last_error\" must be a string if present, got ${preview(r.last_error)}`,\n );\n }\n}\n\n/**\n * Validate a requestDepositorPresignTransactions response.\n */\nexport function validateRequestDepositorPresignTransactionsResponse(\n response: unknown,\n): asserts response is RequestDepositorPresignTransactionsResponse {\n if (response === null || typeof response !== \"object\") {\n throw new VpResponseValidationError(\n `VP response validation failed: requestDepositorPresignTransactions response is not an object`,\n );\n }\n\n const r = response as Record<string, unknown>;\n\n if (!Array.isArray(r.txs)) {\n throw new VpResponseValidationError(\n `VP response validation failed: \"txs\" must be an array`,\n );\n }\n\n for (let i = 0; i < r.txs.length; i++) {\n validateClaimerTransactions(r.txs[i], `txs[${i}]`);\n }\n\n if (r.depositor_graph === null || typeof r.depositor_graph !== \"object\") {\n throw new VpResponseValidationError(\n `VP response validation failed: \"depositor_graph\" must be an object`,\n );\n }\n\n validateDepositorGraphTransactions(\n r.depositor_graph as Record<string, unknown>,\n );\n}\n\nfunction validateTransactionData(value: unknown, field: string): void {\n if (value === null || typeof value !== \"object\") {\n throw new VpResponseValidationError(\n `VP response validation failed: \"${field}\" must be an object`,\n );\n }\n const tx = value as Record<string, unknown>;\n assertNonEmptyHex(tx.tx_hex, `${field}.tx_hex`);\n}\n\nfunction validateClaimerTransactions(value: unknown, field: string): void {\n if (value === null || typeof value !== \"object\") {\n throw new VpResponseValidationError(\n `VP response validation failed: \"${field}\" must be an object`,\n );\n }\n\n const tx = value as Record<string, unknown>;\n\n assertBtcPubkey(tx.claimer_pubkey, `${field}.claimer_pubkey`);\n validateTransactionData(tx.claim_tx, `${field}.claim_tx`);\n validateTransactionData(tx.assert_tx, `${field}.assert_tx`);\n validateTransactionData(tx.payout_tx, `${field}.payout_tx`);\n assertNonEmptyString(tx.payout_psbt, `${field}.payout_psbt`);\n}\n\nfunction validateChallengeAssertConnectorData(\n value: unknown,\n field: string,\n): void {\n if (value === null || typeof value !== \"object\") {\n throw new VpResponseValidationError(\n `VP response validation failed: \"${field}\" must be an object`,\n );\n }\n\n const c = value as Record<string, unknown>;\n assertNonEmptyString(c.wots_pks_json, `${field}.wots_pks_json`);\n assertNonEmptyString(c.gc_wots_keys_json, `${field}.gc_wots_keys_json`);\n}\n\nfunction validatePresignDataPerChallenger(value: unknown, field: string): void {\n if (value === null || typeof value !== \"object\") {\n throw new VpResponseValidationError(\n `VP response validation failed: \"${field}\" must be an object`,\n );\n }\n\n const d = value as Record<string, unknown>;\n\n assertBtcPubkey(d.challenger_pubkey, `${field}.challenger_pubkey`);\n validateTransactionData(\n d.challenge_assert_x_tx,\n `${field}.challenge_assert_x_tx`,\n );\n validateTransactionData(\n d.challenge_assert_y_tx,\n `${field}.challenge_assert_y_tx`,\n );\n validateTransactionData(d.nopayout_tx, `${field}.nopayout_tx`);\n assertNonEmptyString(d.nopayout_psbt, `${field}.nopayout_psbt`);\n\n if (!Array.isArray(d.challenge_assert_connectors)) {\n throw new VpResponseValidationError(\n `VP response validation failed: \"${field}.challenge_assert_connectors\" must be an array`,\n );\n }\n\n for (let i = 0; i < d.challenge_assert_connectors.length; i++) {\n validateChallengeAssertConnectorData(\n d.challenge_assert_connectors[i],\n `${field}.challenge_assert_connectors[${i}]`,\n );\n }\n\n if (!Array.isArray(d.output_label_hashes)) {\n throw new VpResponseValidationError(\n `VP response validation failed: \"${field}.output_label_hashes\" must be an array`,\n );\n }\n\n for (let i = 0; i < d.output_label_hashes.length; i++) {\n assertNonEmptyHex(\n d.output_label_hashes[i],\n `${field}.output_label_hashes[${i}]`,\n );\n }\n}\n\n/**\n * Validate a requestDepositorClaimerArtifacts response.\n */\nexport function validateRequestDepositorClaimerArtifactsResponse(\n response: unknown,\n): asserts response is RequestDepositorClaimerArtifactsResponse {\n if (response === null || typeof response !== \"object\") {\n throw new VpResponseValidationError(\n `VP response validation failed: requestDepositorClaimerArtifacts response is not an object`,\n );\n }\n\n const r = response as Record<string, unknown>;\n\n if (!isNonEmptyString(r.tx_graph_json)) {\n throw new VpResponseValidationError(\n `VP response validation failed: \"tx_graph_json\" must be a non-empty string, got ${preview(r.tx_graph_json)}`,\n );\n }\n\n if (!isNonEmptyHex(r.verifying_key_hex)) {\n throw new VpResponseValidationError(\n `VP response validation failed: \"verifying_key_hex\" must be a non-empty hex string, got ${preview(r.verifying_key_hex)}`,\n );\n }\n\n if (r.babe_sessions === null || typeof r.babe_sessions !== \"object\") {\n throw new VpResponseValidationError(\n `VP response validation failed: \"babe_sessions\" must be an object`,\n );\n }\n\n for (const [key, session] of Object.entries(\n r.babe_sessions as Record<string, unknown>,\n )) {\n if (session === null || typeof session !== \"object\") {\n throw new VpResponseValidationError(\n `VP response validation failed: \"babe_sessions.${key}\" must be an object`,\n );\n }\n const s = session as Record<string, unknown>;\n if (!isNonEmptyHex(s.decryptor_artifacts_hex)) {\n throw new VpResponseValidationError(\n `VP response validation failed: \"babe_sessions.${key}.decryptor_artifacts_hex\" must be a non-empty hex string, got ${preview(s.decryptor_artifacts_hex)}`,\n );\n }\n }\n}\n\n/**\n * Validate a getPegoutStatus response.\n */\nexport function validateGetPegoutStatusResponse(\n response: unknown,\n): asserts response is GetPegoutStatusResponse {\n if (response === null || typeof response !== \"object\") {\n throw new VpResponseValidationError(\n `VP response validation failed: getPegoutStatus response is not an object`,\n );\n }\n\n const r = response as Record<string, unknown>;\n\n if (!isNonEmptyHex(r.pegin_txid) || r.pegin_txid.length !== TXID_HEX_LEN) {\n throw new VpResponseValidationError(\n `VP response validation failed: \"pegin_txid\" must be a ${TXID_HEX_LEN}-char hex string (txid), got ${preview(r.pegin_txid)}`,\n );\n }\n\n if (typeof r.found !== \"boolean\") {\n throw new VpResponseValidationError(\n `VP response validation failed: \"found\" must be a boolean, got ${preview(r.found)}`,\n );\n }\n\n if (r.claimer !== undefined) {\n if (r.claimer === null || typeof r.claimer !== \"object\") {\n throw new VpResponseValidationError(\n `VP response validation failed: \"claimer\" must be an object if present`,\n );\n }\n const claimer = r.claimer as Record<string, unknown>;\n if (typeof claimer.status !== \"string\") {\n throw new VpResponseValidationError(\n `VP response validation failed: \"claimer.status\" must be a string, got ${preview(claimer.status)}`,\n );\n }\n if (typeof claimer.failed !== \"boolean\") {\n throw new VpResponseValidationError(\n `VP response validation failed: \"claimer.failed\" must be a boolean, got ${preview(claimer.failed)}`,\n );\n }\n }\n\n if (r.challenger !== undefined) {\n if (r.challenger === null || typeof r.challenger !== \"object\") {\n throw new VpResponseValidationError(\n `VP response validation failed: \"challenger\" must be an object if present`,\n );\n }\n const challenger = r.challenger as Record<string, unknown>;\n if (typeof challenger.status !== \"string\") {\n throw new VpResponseValidationError(\n `VP response validation failed: \"challenger.status\" must be a string, got ${preview(challenger.status)}`,\n );\n }\n }\n}\n\nfunction validateDepositorGraphTransactions(\n graph: Record<string, unknown>,\n): void {\n validateTransactionData(graph.claim_tx, \"depositor_graph.claim_tx\");\n validateTransactionData(graph.assert_tx, \"depositor_graph.assert_tx\");\n validateTransactionData(graph.payout_tx, \"depositor_graph.payout_tx\");\n assertNonEmptyString(graph.payout_psbt, \"depositor_graph.payout_psbt\");\n\n if (!Array.isArray(graph.challenger_presign_data)) {\n throw new VpResponseValidationError(\n `VP response validation failed: \"depositor_graph.challenger_presign_data\" must be an array`,\n );\n }\n\n for (let i = 0; i < graph.challenger_presign_data.length; i++) {\n validatePresignDataPerChallenger(\n graph.challenger_presign_data[i],\n `depositor_graph.challenger_presign_data[${i}]`,\n );\n }\n\n if (typeof graph.offchain_params_version !== \"number\") {\n throw new VpResponseValidationError(\n `VP response validation failed: \"depositor_graph.offchain_params_version\" must be a number`,\n );\n }\n}\n","/**\n * JSON-RPC client for the Vault Provider API.\n *\n * Wraps {@link JsonRpcClient} with typed methods matching the\n * `vaultProvider_*` RPC namespace defined in the btc-vault pegin spec.\n *\n * Implements the narrow service interfaces (PeginStatusReader, WotsKeySubmitter,\n * PresignClient, ClaimerArtifactsReader) so it can be passed directly to\n * any deposit protocol service function.\n *\n * @see https://github.com/babylonlabs-io/btc-vault/blob/main/docs/pegin.md\n */\n\nimport type { PeginStatusReader, WotsKeySubmitter, PresignClient, ClaimerArtifactsReader } from \"../../services/deposit/interfaces\";\n\nimport {\n type BearerTokenProvider,\n JsonRpcClient,\n type JsonRpcClientConfig,\n} from \"./json-rpc-client\";\nimport type {\n GetPeginStatusParams,\n GetPeginStatusResponse,\n GetPegoutStatusParams,\n GetPegoutStatusResponse,\n RequestDepositorClaimerArtifactsParams,\n RequestDepositorClaimerArtifactsResponse,\n RequestDepositorPresignTransactionsParams,\n RequestDepositorPresignTransactionsResponse,\n SubmitDepositorPresignaturesParams,\n SubmitDepositorWotsKeyParams,\n} from \"./types\";\nimport {\n validateGetPeginStatusResponse,\n validateGetPegoutStatusResponse,\n validateRequestDepositorClaimerArtifactsResponse,\n validateRequestDepositorPresignTransactionsResponse,\n} from \"./validators\";\n\nexport interface VaultProviderRpcClientOptions {\n /** Timeout in milliseconds per request (default: 60000) */\n timeout?: number;\n /** Number of retry attempts for safe methods (default: 3) */\n retries?: number;\n /** Initial retry delay in milliseconds (default: 1000) */\n retryDelay?: number;\n /**\n * Custom retry predicate. Default retries only the idempotent read\n * methods: `getPeginStatus`, `getPegoutStatus`,\n * `requestDepositorPresignTransactions`.\n */\n retryableFor?: (method: string) => boolean;\n /** Custom headers. */\n headers?: Record<string, string>;\n /**\n * Per-request bearer-token source. A non-null return attaches\n * `Authorization: Bearer <token>`; `null` skips auth. Wire a\n * {@link VpTokenProvider} for depositor-gated methods.\n */\n tokenProvider?: BearerTokenProvider;\n /** Maximum response body size, in bytes, for typed JSON-RPC calls */\n maxResponseBytes?: number;\n}\n\nconst DEFAULT_TIMEOUT_MS = 60_000;\n\n/**\n * Concrete VP RPC client implementing all service interfaces.\n *\n * Usage:\n * ```ts\n * const client = new VaultProviderRpcClient(\"https://vp.example.com/rpc\");\n * const status = await client.getPeginStatus({ pegin_txid: \"abc...\" });\n * ```\n */\nexport class VaultProviderRpcClient\n implements PeginStatusReader, WotsKeySubmitter, PresignClient, ClaimerArtifactsReader\n{\n private client: JsonRpcClient;\n\n constructor(baseUrl: string, options?: VaultProviderRpcClientOptions) {\n const config: JsonRpcClientConfig = {\n baseUrl,\n timeout: options?.timeout ?? DEFAULT_TIMEOUT_MS,\n retries: options?.retries,\n retryDelay: options?.retryDelay,\n retryableFor: options?.retryableFor,\n headers: options?.headers,\n tokenProvider: options?.tokenProvider,\n maxResponseBytes: options?.maxResponseBytes,\n };\n this.client = new JsonRpcClient(config);\n }\n\n /**\n * Request the payout/claim/assert transactions that the depositor\n * needs to pre-sign before the vault can be activated on Bitcoin.\n */\n async requestDepositorPresignTransactions(\n params: RequestDepositorPresignTransactionsParams,\n signal?: AbortSignal,\n ): Promise<RequestDepositorPresignTransactionsResponse> {\n const response = await this.client.call<\n RequestDepositorPresignTransactionsParams,\n unknown\n >(\"vaultProvider_requestDepositorPresignTransactions\", params, signal);\n validateRequestDepositorPresignTransactionsResponse(response);\n return response;\n }\n\n /**\n * Submit the depositor's pre-signatures for the payout transactions\n * and the depositor-as-claimer graph.\n */\n async submitDepositorPresignatures(\n params: SubmitDepositorPresignaturesParams,\n signal?: AbortSignal,\n ): Promise<void> {\n return this.client.call<SubmitDepositorPresignaturesParams, void>(\n \"vaultProvider_submitDepositorPresignatures\",\n params,\n signal,\n );\n }\n\n /**\n * Submit the depositor's WOTS public key to the vault provider.\n * Called after the pegin is finalized on Ethereum, when the VP is in\n * `PendingDepositorWotsPK` status.\n */\n async submitDepositorWotsKey(\n params: SubmitDepositorWotsKeyParams,\n signal?: AbortSignal,\n ): Promise<void> {\n return this.client.call<SubmitDepositorWotsKeyParams, void>(\n \"vaultProvider_submitDepositorWotsKey\",\n params,\n signal,\n );\n }\n\n /**\n * Request the BaBe DecryptorArtifacts needed for the depositor to\n * independently evaluate garbled circuits during a challenge.\n */\n async requestDepositorClaimerArtifacts(\n params: RequestDepositorClaimerArtifactsParams,\n signal?: AbortSignal,\n ): Promise<RequestDepositorClaimerArtifactsResponse> {\n const response = await this.client.call<\n RequestDepositorClaimerArtifactsParams,\n unknown\n >(\"vaultProvider_requestDepositorClaimerArtifacts\", params, signal);\n validateRequestDepositorClaimerArtifactsResponse(response);\n return response;\n }\n\n /** Get the current pegin status from the vault provider daemon. */\n async getPeginStatus(\n params: GetPeginStatusParams,\n signal?: AbortSignal,\n ): Promise<GetPeginStatusResponse> {\n const response = await this.client.call<GetPeginStatusParams, unknown>(\n \"vaultProvider_getPeginStatus\",\n params,\n signal,\n );\n validateGetPeginStatusResponse(response);\n return response;\n }\n\n /** Get the current pegout status from the vault provider daemon. */\n async getPegoutStatus(\n params: GetPegoutStatusParams,\n signal?: AbortSignal,\n ): Promise<GetPegoutStatusResponse> {\n const response = await this.client.call<GetPegoutStatusParams, unknown>(\n \"vaultProvider_getPegoutStatus\",\n params,\n signal,\n );\n validateGetPegoutStatusResponse(response);\n return response;\n }\n}\n","/**\n * BIP-322 \"simple\" signature verification for P2TR key-path.\n *\n * Mirrors the Rust reference in\n * `btc-vault/crates/btc-signer/src/message.rs::verify_bip322_message`\n * (which delegates to `rust-bitcoin::bip322::verify_simple` for a\n * P2TR key-path-only address with no merkle root).\n *\n * The algorithm:\n *\n * 1. Compute the BIP-322 tagged-hash of the message:\n * m_hash = SHA256( SHA256(tag) || SHA256(tag) || message )\n * where tag = \"BIP0322-signed-message\".\n *\n * 2. Build a virtual \"to_spend\" transaction with one input (prevout\n * all-zero txid + 0xFFFFFFFF vout, scriptSig = `OP_0 PUSH32 m_hash`,\n * sequence = 0) and one output (value 0, scriptPubKey = P2TR for\n * the signer's x-only pubkey).\n *\n * 3. Build a \"to_sign\" transaction that spends to_spend[0] and has a\n * single `OP_RETURN` output (value 0).\n *\n * 4. Compute the BIP-341 taproot sighash of to_sign input 0 with\n * SIGHASH_DEFAULT (0x00).\n *\n * 5. Verify the 64-byte Schnorr signature against the **tweaked**\n * output key `Q = P + tap_tweak(P) * G`, where `tap_tweak(P) =\n * hash_TapTweak(serialize_x_only(P))` (no merkle root — key-path\n * only).\n *\n * `bitcoinjs-lib` handles (2)–(4); `tiny-secp256k1-asmjs` provides\n * the tweak and Schnorr verify. Pulling in a full BIP-322 library\n * would add a peer dep for what amounts to ~40 lines of glue.\n *\n * @module tbv/core/clients/vault-provider/auth/bip322Verify\n */\n\nimport * as ecc from \"@bitcoin-js/tiny-secp256k1-asmjs\";\nimport { payments, Transaction } from \"bitcoinjs-lib\";\n\nimport { Buffer } from \"buffer\";\nimport { sha256 } from \"@noble/hashes/sha2.js\";\n\n/** BIP-322 message tag (BIP-340 tagged-hash style). */\nconst BIP322_TAG = \"BIP0322-signed-message\";\n\n/** BIP-341 taproot-tweak tag. */\nconst TAPTWEAK_TAG = \"TapTweak\";\n\nconst X_ONLY_PUBKEY_SIZE = 32;\nconst SCHNORR_SIG_SIZE = 64;\n\n/**\n * BIP-340 tagged hash: `SHA256( SHA256(tag) || SHA256(tag) || data )`.\n * Used for both BIP-322 message hashing and BIP-341 tap-tweak.\n */\nfunction taggedHash(tag: string, data: Uint8Array): Uint8Array {\n const tagBytes = new TextEncoder().encode(tag);\n const tagHash = sha256(tagBytes);\n const preimage = new Uint8Array(tagHash.length * 2 + data.length);\n preimage.set(tagHash, 0);\n preimage.set(tagHash, tagHash.length);\n preimage.set(data, tagHash.length * 2);\n return sha256(preimage);\n}\n\n/**\n * Apply BIP-341 taproot tweak to an x-only pubkey with no merkle\n * root (key-path-only address).\n *\n * `tap_tweak = hash_TapTweak(P)`\n * `Q = P + tap_tweak * G` (x-only, even-Y parity)\n *\n * Returns the tweaked 32-byte x-only pubkey, or null if the tweak\n * produces a point-at-infinity or invalid result.\n */\nfunction tweakXOnlyKey(xOnly: Uint8Array): Uint8Array | null {\n if (xOnly.length !== X_ONLY_PUBKEY_SIZE) return null;\n const tweak = taggedHash(TAPTWEAK_TAG, xOnly);\n const tweaked = ecc.xOnlyPointAddTweak(xOnly, tweak);\n return tweaked ? tweaked.xOnlyPubkey : null;\n}\n\n/**\n * Verify a BIP-322 \"simple\" P2TR key-path signature over an arbitrary\n * byte message.\n *\n * @internal Exposed only so the golden-vector test suite can pin the\n * verifier independently of `verifyServerIdentity`. Production callers\n * should use `verifyServerIdentity` from `./serverIdentity` instead.\n *\n * @param messageBytes - The bytes that were signed (e.g. a CBOR-encoded\n * payload). Not pre-hashed; this function applies\n * the BIP-322 tagged hash internally.\n * @param xOnlyPubkey - 32-byte x-only pubkey of the signer (pre-tweak).\n * @param signature - 64-byte raw Schnorr signature (BIP-340), as\n * emitted by a key-path witness with\n * SIGHASH_DEFAULT.\n * @returns `true` if the signature verifies against the address\n * derived from `xOnlyPubkey`; `false` otherwise.\n */\nexport function verifyBip322Simple(\n messageBytes: Uint8Array,\n xOnlyPubkey: Uint8Array,\n signature: Uint8Array,\n): boolean {\n if (xOnlyPubkey.length !== X_ONLY_PUBKEY_SIZE) return false;\n if (signature.length !== SCHNORR_SIG_SIZE) return false;\n\n // Any exception from the underlying crypto libraries (e.g. the\n // `Expected Point` error `tiny-secp256k1` throws when the supplied\n // 32 bytes don't represent a valid x-coordinate on secp256k1) is\n // treated as a verification failure rather than propagated — a\n // verifier MUST return a boolean, not raise.\n try {\n // Step 1: BIP-322 tagged hash of the message.\n const messageHash = taggedHash(BIP322_TAG, messageBytes);\n\n // Step 2: scriptPubKey for the signer's P2TR key-path-only address.\n // bitcoinjs-lib's `payments.p2tr({ internalPubkey })` computes the\n // tweak and produces the `OP_1 <tweaked_xonly>` output script.\n const p2tr = payments.p2tr({\n internalPubkey: Buffer.from(xOnlyPubkey),\n });\n if (!p2tr.output) return false;\n const scriptPubKey = p2tr.output;\n\n // Step 3: build to_spend virtual tx.\n //\n // NOTE: bitcoinjs-lib v6.x's `Transaction.addOutput` and\n // `hashForWitnessV1` are typed for `Satoshi` (a UInt53 number),\n // not `bigint`. Passing `BigInt(0)` triggers a typeforce\n // assertion in `addOutput` (\"Expected property '1' of type\n // Satoshi, got BigInt 0\") which our outer try/catch silently\n // turns into `verify -> false`. Use plain `0` everywhere.\n const ZERO_SATS = 0;\n const toSpend = new Transaction();\n toSpend.version = 0;\n toSpend.locktime = 0;\n // scriptSig: OP_0 (0x00) + OP_PUSHBYTES_32 (0x20) + message_hash (32B)\n const scriptSig = Buffer.concat([\n Buffer.from([0x00, 0x20]),\n Buffer.from(messageHash),\n ]);\n toSpend.addInput(\n Buffer.alloc(32, 0), // prev_txid = 0x0000...0000\n 0xffffffff, // prev_vout = 0xFFFFFFFF\n 0, // sequence = 0\n scriptSig,\n );\n toSpend.addOutput(scriptPubKey, ZERO_SATS);\n\n // Step 4: build to_sign virtual tx spending to_spend[0].\n const toSign = new Transaction();\n toSign.version = 0;\n toSign.locktime = 0;\n // Bitcoin txid in natural-byte (little-endian) form.\n const toSpendTxid = toSpend.getHash();\n toSign.addInput(toSpendTxid, 0, 0);\n toSign.addOutput(Buffer.from([0x6a]), ZERO_SATS); // OP_RETURN\n\n // Step 5: taproot sighash for to_sign input 0 (SIGHASH_DEFAULT).\n const sighash = toSign.hashForWitnessV1(\n 0,\n [scriptPubKey],\n [ZERO_SATS],\n Transaction.SIGHASH_DEFAULT,\n );\n\n // Step 6: tweak the x-only pubkey (no merkle root) and verify Schnorr.\n const tweakedXOnly = tweakXOnlyKey(xOnlyPubkey);\n if (!tweakedXOnly) return false;\n\n return ecc.verifySchnorr(sighash, tweakedXOnly, signature);\n } catch {\n return false;\n }\n}\n","/**\n * Minimal CBOR encoder for the server-identity payload shape.\n *\n * We only need to encode one specific CBOR structure — the 3-tuple\n * `(SERVER_IDENTITY_DOMAIN, ephemeral_pubkey_bytes, expires_at_u64)` —\n * byte-for-byte identical to what the Rust `ciborium` crate produces\n * for the corresponding tuple, because that's the exact message the\n * VP signs with BIP-322.\n *\n * IMPORTANT encoding quirk: the Rust side passes the domain and\n * pubkey as `&[u8]` / `Vec<u8>` without a `#[serde(with = \"serde_bytes\")]`\n * attribute, so serde/ciborium encodes them as **CBOR arrays of u8**\n * (major type 4, one item per byte) — NOT as CBOR byte strings (major\n * type 2). A naive byte-string encoding would produce the wrong bytes\n * and signature verification would fail.\n *\n * Rather than pull in a full CBOR dependency for this one shape, we\n * implement the exact subset inline (~40 LOC) and pin it with golden\n * vectors against the Rust reference output.\n *\n * @module tbv/core/clients/vault-provider/auth/cbor\n */\n\n/**\n * Encode a small CBOR unsigned-integer \"head\" byte for major type\n * `major` (0..7) with argument `arg` (0..2^64-1).\n *\n * Returns the header bytes; the caller concatenates any trailing data\n * (e.g. array elements). Encoding rules:\n * arg < 24 → single byte `(major << 5) | arg`\n * arg < 256 → `(major << 5) | 24` + 1-byte arg\n * arg < 65536 → `(major << 5) | 25` + 2-byte BE arg\n * arg < 2^32 → `(major << 5) | 26` + 4-byte BE arg\n * arg < 2^64 → `(major << 5) | 27` + 8-byte BE arg\n */\nfunction cborHead(major: number, arg: number | bigint): Uint8Array {\n const tag = (major & 0x07) << 5;\n const n = typeof arg === \"bigint\" ? arg : BigInt(arg);\n if (n < 0n) throw new Error(\"cborHead: negative argument\");\n\n if (n < 24n) return new Uint8Array([tag | Number(n)]);\n if (n < 0x100n) return new Uint8Array([tag | 24, Number(n)]);\n if (n < 0x10000n) {\n const v = Number(n);\n return new Uint8Array([tag | 25, (v >>> 8) & 0xff, v & 0xff]);\n }\n if (n < 0x1_0000_0000n) {\n const v = Number(n);\n return new Uint8Array([\n tag | 26,\n (v >>> 24) & 0xff,\n (v >>> 16) & 0xff,\n (v >>> 8) & 0xff,\n v & 0xff,\n ]);\n }\n // 8-byte BE for u64 range\n const out = new Uint8Array(9);\n out[0] = tag | 27;\n for (let i = 7; i >= 0; i--) {\n out[1 + i] = Number(n >> BigInt((7 - i) * 8)) & 0xff;\n }\n return out;\n}\n\nfunction concat(...parts: Uint8Array[]): Uint8Array {\n const total = parts.reduce((s, p) => s + p.length, 0);\n const out = new Uint8Array(total);\n let offset = 0;\n for (const p of parts) {\n out.set(p, offset);\n offset += p.length;\n }\n return out;\n}\n\n/**\n * Encode a `Vec<u8>` / `&[u8]` the way ciborium does by default — as a\n * CBOR array of u8 (major type 4), one element per byte.\n *\n * Each byte becomes a CBOR unsigned integer (major type 0): bytes\n * < 24 are encoded as single bytes, bytes 24..255 as `0x18 XX`.\n */\nfunction encodeBytesAsArrayOfU8(bytes: Uint8Array): Uint8Array {\n const header = cborHead(4, bytes.length);\n const items: Uint8Array[] = [header];\n for (const b of bytes) {\n items.push(cborHead(0, b));\n }\n return concat(...items);\n}\n\n/**\n * Encode the server-identity payload the Rust side signs:\n *\n * ciborium::into_writer(\n * &(SERVER_IDENTITY_DOMAIN, ephemeral_pubkey.serialize().to_vec(), expires_at),\n * buf\n * )\n *\n * Output bytes are byte-for-byte identical to the Rust reference,\n * pinned by the golden vector in the corresponding test file.\n *\n * @internal Exposed only for the golden-vector test that pins this\n * encoding against ciborium's output. Production callers reach this\n * via `verifyServerIdentity` from `./serverIdentity`.\n *\n * @param domain - Must be `\"btc-auth.server-identity.v1\"` (27 bytes)\n * — the constant from btc-vault's `server_identity.rs`.\n * @param ephemeralPubkeyCompressed - 33-byte SEC1-compressed pubkey.\n * @param expiresAt - Unix timestamp (seconds). Must be a safe integer.\n */\nexport function encodeServerIdentityPayload(\n domain: Uint8Array,\n ephemeralPubkeyCompressed: Uint8Array,\n expiresAt: number,\n): Uint8Array {\n if (!Number.isSafeInteger(expiresAt) || expiresAt < 0) {\n throw new Error(\n `encodeServerIdentityPayload: expires_at must be a non-negative safe integer, got ${expiresAt}`,\n );\n }\n const arrayHeader = cborHead(4, 3); // 3-tuple encoded as array of 3\n const domainBytes = encodeBytesAsArrayOfU8(domain);\n const pubkeyBytes = encodeBytesAsArrayOfU8(ephemeralPubkeyCompressed);\n const expiresAtBytes = cborHead(0, expiresAt);\n return concat(arrayHeader, domainBytes, pubkeyBytes, expiresAtBytes);\n}\n","/**\n * Server-identity verification for the vault provider's\n * `auth_createDepositorToken` response.\n *\n * The VP returns a `ServerIdentityResponse` bundled with every issued\n * token:\n *\n * - `server_pubkey`: VP's persistent x-only pubkey (HEX, 32B)\n * - `ephemeral_pubkey`: VP's ephemeral token-signing key (HEX, 33B compressed)\n * - `expires_at`: Unix timestamp when the ephemeral key expires\n * - `signature`: BIP-322 signature by the persistent key over\n * `(SERVER_IDENTITY_DOMAIN, ephemeral_pubkey, expires_at)`\n *\n * The FE pins `server_pubkey` against the on-chain `VaultProvider.btcPubKey`\n * it reads from the registry contract. A mismatch rejects the token.\n *\n * @module tbv/core/clients/vault-provider/auth/serverIdentity\n */\n\nimport * as ecc from \"@bitcoin-js/tiny-secp256k1-asmjs\";\n\nimport {\n COMPRESSED_PUBKEY_HEX_LEN,\n SCHNORR_SIG_HEX_LEN,\n stripHexPrefix,\n X_ONLY_PUBKEY_HEX_LEN,\n} from \"../../../primitives/utils/bitcoin\";\nimport { HEX_RE } from \"../../../utils/validation\";\n\nimport { verifyBip322Simple } from \"./bip322Verify\";\nimport { encodeServerIdentityPayload } from \"./cbor\";\n\n/**\n * Byte-string domain the btc-vault Rust reference passes as the first\n * element of the CBOR tuple signed over for server-identity proofs.\n * Must match `SERVER_IDENTITY_DOMAIN` in\n * `btc-vault/crates/btc-auth/src/server_identity.rs`.\n */\nconst SERVER_IDENTITY_DOMAIN = new TextEncoder().encode(\n \"btc-auth.server-identity.v1\",\n);\n\n/**\n * Wire representation from btc-vault's `ServerIdentityResponse`.\n */\nexport interface ServerIdentityResponse {\n /** Hex-encoded x-only (32-byte) persistent server pubkey. */\n server_pubkey: string;\n /** Hex-encoded compressed (33-byte) ephemeral token-signing pubkey. */\n ephemeral_pubkey: string;\n /** Unix timestamp at which the ephemeral key expires. */\n expires_at: number;\n /** Hex-encoded 64-byte BIP-322 Schnorr signature. */\n signature: string;\n}\n\nexport interface VerifyServerIdentityInput {\n /** The proof returned by `auth_createDepositorToken`. */\n proof: ServerIdentityResponse;\n /**\n * The x-only persistent server pubkey the FE expects (sourced from\n * the on-chain `VaultProvider.btcPubKey` via the vault registry\n * reader). 64-char lowercase hex, no `0x` prefix.\n */\n pinnedServerPubkey: string;\n /** Current Unix timestamp in seconds. Injected for testability. */\n now: number;\n}\n\nexport class ServerIdentityError extends Error {\n constructor(\n message: string,\n public readonly reason:\n | \"pinned_pubkey_mismatch\"\n | \"expired\"\n | \"invalid_expires_at\"\n | \"invalid_pubkey_encoding\"\n | \"invalid_ephemeral_pubkey\"\n | \"invalid_signature_encoding\"\n | \"signature_verification_failed\",\n ) {\n super(message);\n this.name = \"ServerIdentityError\";\n }\n}\n\n/** Parse a lowercase-hex string to bytes. Expects even length, already validated. */\nfunction hexToBytes(hex: string): Uint8Array {\n const out = new Uint8Array(hex.length / 2);\n for (let i = 0; i < out.length; i++) {\n out[i] = parseInt(hex.slice(i * 2, i * 2 + 2), 16);\n }\n return out;\n}\n\n\n/**\n * Verify a server identity proof against a pinned server pubkey.\n *\n * Checks:\n * 1. `server_pubkey` matches the pin.\n * 2. `expires_at > now` (with integer guards).\n * 3. `ephemeral_pubkey` is a well-formed 33-byte compressed pubkey.\n * 4. `signature` is a well-formed 64-byte Schnorr hex string.\n * 5. The BIP-322 Schnorr signature cryptographically verifies\n * against `server_pubkey` over the CBOR-encoded tuple\n * `(SERVER_IDENTITY_DOMAIN, ephemeral_pubkey, expires_at)`.\n *\n * Step 5 is what actually binds the ephemeral key to the persistent\n * pubkey — without it, a TLS-MITM attacker who reads the pinned\n * pubkey from the on-chain registry could substitute an arbitrary\n * ephemeral pubkey paired with any lexically-valid signature.\n *\n * @throws ServerIdentityError on any validation failure.\n */\nexport function verifyServerIdentity(input: VerifyServerIdentityInput): void {\n const { proof, pinnedServerPubkey, now } = input;\n\n const pinned = stripHexPrefix(pinnedServerPubkey).toLowerCase();\n if (pinned.length !== X_ONLY_PUBKEY_HEX_LEN || !HEX_RE.test(pinned)) {\n throw new ServerIdentityError(\n `pinnedServerPubkey must be 32-byte hex; got ${pinned.length} chars`,\n \"invalid_pubkey_encoding\",\n );\n }\n\n const actual = stripHexPrefix(proof.server_pubkey).toLowerCase();\n if (actual.length !== X_ONLY_PUBKEY_HEX_LEN || !HEX_RE.test(actual)) {\n throw new ServerIdentityError(\n `server_pubkey must be 32-byte hex; got ${actual.length} chars`,\n \"invalid_pubkey_encoding\",\n );\n }\n\n if (actual !== pinned) {\n throw new ServerIdentityError(\n `server_pubkey does not match pinned value: expected ${pinned}, got ${actual}`,\n \"pinned_pubkey_mismatch\",\n );\n }\n\n // Validate both sides of the comparison are well-formed integers\n // BEFORE comparing — untrusted JSON-RPC input can supply\n // undefined/NaN/string values for `expires_at`, and relational\n // comparisons with those silently evaluate to `false` (accepting the\n // proof). Caller's `now` is injected but we still sanity-check it.\n // Garbage data and \"valid but past\" both render the proof unusable\n // but mean different things to a caller — keep the reasons distinct.\n if (!Number.isSafeInteger(proof.expires_at)) {\n throw new ServerIdentityError(\n `expires_at must be a finite integer; got ${JSON.stringify(proof.expires_at)}`,\n \"invalid_expires_at\",\n );\n }\n if (!Number.isSafeInteger(now)) {\n throw new ServerIdentityError(\n `now must be a finite integer; got ${JSON.stringify(now)}`,\n \"invalid_expires_at\",\n );\n }\n if (proof.expires_at <= now) {\n throw new ServerIdentityError(\n `server identity proof expired at ${proof.expires_at}, now ${now}`,\n \"expired\",\n );\n }\n\n const eph = stripHexPrefix(proof.ephemeral_pubkey).toLowerCase();\n if (eph.length !== COMPRESSED_PUBKEY_HEX_LEN || !HEX_RE.test(eph)) {\n throw new ServerIdentityError(\n `ephemeral_pubkey must be 33-byte compressed hex; got ${eph.length} chars`,\n \"invalid_ephemeral_pubkey\",\n );\n }\n const prefix = eph.slice(0, 2);\n if (prefix !== \"02\" && prefix !== \"03\") {\n throw new ServerIdentityError(\n `ephemeral_pubkey must be compressed (prefix 02/03); got ${prefix}`,\n \"invalid_ephemeral_pubkey\",\n );\n }\n // Curve validation. The BIP-322 signature attests to the byte string\n // of `ephemeral_pubkey` only, not to its curve validity. Without\n // this check, a server could sign a structurally-valid byte string\n // that doesn't decode to a secp256k1 point — passing verification\n // here and surfacing as an obscure crypto error later when the\n // depositor tries to use the key. Reject up front.\n const ephBytes = hexToBytes(eph);\n if (!ecc.isPoint(ephBytes)) {\n throw new ServerIdentityError(\n \"ephemeral_pubkey is not a valid secp256k1 point\",\n \"invalid_ephemeral_pubkey\",\n );\n }\n\n const sig = stripHexPrefix(proof.signature).toLowerCase();\n if (sig.length !== SCHNORR_SIG_HEX_LEN || !HEX_RE.test(sig)) {\n throw new ServerIdentityError(\n `signature must be 64-byte Schnorr hex; got ${sig.length} chars`,\n \"invalid_signature_encoding\",\n );\n }\n\n // Cryptographic verification of the BIP-322 signature over the\n // CBOR-encoded payload. Without this, the ephemeral-key binding is\n // unenforced and a TLS-MITM could substitute a fake ephemeral key\n // alongside the real (publicly-readable) pinned pubkey.\n const payload = encodeServerIdentityPayload(\n SERVER_IDENTITY_DOMAIN,\n hexToBytes(eph),\n proof.expires_at,\n );\n const verified = verifyBip322Simple(payload, hexToBytes(actual), hexToBytes(sig));\n if (!verified) {\n throw new ServerIdentityError(\n \"BIP-322 signature verification failed — ephemeral key is not attested by pinned server pubkey\",\n \"signature_verification_failed\",\n );\n }\n}\n","/**\n * VP RPC methods that require `Authorization: Bearer <token>`.\n * Protocol invariant — must be kept in sync with the VP server.\n *\n * @stability frozen\n *\n * @module tbv/core/clients/vault-provider/auth/gatedMethods\n */\n\nexport const AUTH_GATED_METHODS: ReadonlySet<string> = new Set([\n \"vaultProvider_submitDepositorWotsKey\",\n \"vaultProvider_submitDepositorPresignatures\",\n \"vaultProvider_requestDepositorPresignTransactions\",\n]);\n","/**\n * Shared internals for the unauthenticated token-issuing JSON-RPC\n * client. The \"inner\" client is dedicated to `auth_createDepositorToken`\n * — it MUST NOT carry a `tokenProvider`, else the JSON-RPC header\n * builder would recurse into token acquisition.\n *\n * @module tbv/core/clients/vault-provider/auth/innerTokenClient\n */\n\nimport { JsonRpcClient } from \"../json-rpc-client\";\n\nconst TOKEN_RPC_TIMEOUT_MS = 60_000;\n\nexport const TOKEN_ISSUE_METHOD = \"auth_createDepositorToken\";\n\nexport function buildInnerTokenClient(\n baseUrl: string,\n headers?: Record<string, string>,\n): JsonRpcClient {\n return new JsonRpcClient({\n baseUrl,\n timeout: TOKEN_RPC_TIMEOUT_MS,\n headers,\n retryableFor: (method) => method === TOKEN_ISSUE_METHOD,\n });\n}\n","/**\n * `VpTokenProvider` — caches CWT bearer tokens issued by the vault\n * provider's `auth_createDepositorToken` RPC, with lazy expiry check\n * and single-flight concurrent acquire.\n *\n * Usage:\n *\n * ```ts\n * const provider = new VpTokenProvider({\n * client,\n * peginTxid,\n * authAnchorHex,\n * pinnedServerPubkey,\n * authGatedMethods,\n * });\n * const bearer = await provider.getToken(method); // null if not gated\n * ```\n *\n * The provider implements the `BearerTokenProvider` interface expected\n * by `JsonRpcClient`. Plug directly:\n *\n * ```ts\n * const client = new JsonRpcClient({ ..., tokenProvider: provider });\n * ```\n *\n * @module tbv/core/clients/vault-provider/auth/tokenProvider\n */\n\nimport type { OnChainBtcPubkey } from \"../../eth/types\";\nimport type { BearerTokenProvider, JsonRpcClient } from \"../json-rpc-client\";\nimport { TOKEN_ISSUE_METHOD } from \"./innerTokenClient\";\nimport {\n type ServerIdentityResponse,\n verifyServerIdentity,\n} from \"./serverIdentity\";\n\n/**\n * Maximum reasonable `expires_at` value (seconds since epoch). Guards\n * against a bogus far-future timestamp that would lock the cache on a\n * bad token forever. Jan 1, 2100 in Unix seconds.\n */\nconst MAX_EXPIRES_AT_SECS = 4_102_444_800;\n\n/**\n * Default safety margin before `expires_at` — we treat a token as\n * expired this many seconds before its stated expiry so that in-flight\n * requests don't race the expiry boundary.\n */\nconst DEFAULT_REFRESH_SKEW_SECS = 30;\n\n/**\n * Wire response shape of `auth_createDepositorToken`.\n */\nexport interface CreateDepositorTokenResponse {\n /** Base64url-encoded COSE Sign1 CWT bearer token. */\n token: string;\n /** Unix timestamp at which the token expires. */\n expires_at: number;\n /** Server identity proof bundled with every token response. */\n server_identity: ServerIdentityResponse;\n}\n\nexport interface VpTokenProviderConfig {\n client: JsonRpcClient;\n /** Per-vault depositor-signed PegIn tx id. NOT shared across sibling vaults in a batch. */\n peginTxid: string;\n /** 64-char hex of the 32-byte OP_RETURN auth-anchor preimage. */\n authAnchorHex: string;\n /** Pinned VP pubkey from the on-chain registry; branded so indexer mirrors can't substitute. */\n pinnedServerPubkey: OnChainBtcPubkey;\n /** Methods that require a bearer; `getToken` returns `null` for anything outside this set. */\n authGatedMethods: ReadonlySet<string>;\n /** Default {@link DEFAULT_REFRESH_SKEW_SECS}. */\n refreshSkewSecs?: number;\n /** Clock source for testability. */\n now?: () => number;\n}\n\ninterface CachedToken {\n token: string;\n expiresAt: number;\n}\n\n/**\n * Acquire, cache, and refresh VP bearer tokens.\n *\n * Implements {@link BearerTokenProvider}. Safe to pass directly into\n * `JsonRpcClient` as `tokenProvider`.\n */\nexport class VpTokenProvider implements BearerTokenProvider {\n // `client` is the only mutable field — see `setClient`. The\n // identity-bearing fields (peginTxid/authAnchorHex/pinnedServerPubkey)\n // remain readonly and are checked against re-registration in the\n // registry's `getOrCreate`.\n private client: JsonRpcClient;\n private readonly peginTxid: string;\n private readonly authAnchorHex: string;\n private readonly pinnedServerPubkey: OnChainBtcPubkey;\n private readonly authGatedMethods: ReadonlySet<string>;\n private readonly refreshSkewSecs: number;\n private readonly now: () => number;\n\n private cached: CachedToken | null = null;\n private inFlight: Promise<CachedToken> | null = null;\n\n constructor(config: VpTokenProviderConfig) {\n this.client = config.client;\n this.peginTxid = config.peginTxid;\n this.authAnchorHex = config.authAnchorHex;\n this.pinnedServerPubkey = config.pinnedServerPubkey;\n this.authGatedMethods = config.authGatedMethods;\n this.refreshSkewSecs = config.refreshSkewSecs ?? DEFAULT_REFRESH_SKEW_SECS;\n this.now = config.now ?? (() => Math.floor(Date.now() / 1000));\n }\n\n /**\n * Return a bearer token for `method`, or `null` if `method` is not\n * auth-gated. Triggers a token acquisition if no token is cached or\n * the cached token is within {@link refreshSkewSecs} of expiry.\n *\n * The token-issuing method itself is hard-exempted from the gate —\n * if `auth_createDepositorToken` were ever included in\n * `authGatedMethods` (caller misconfiguration) the provider would\n * recurse into `acquireSingleFlight` from inside the JSON-RPC header\n * builder before `inFlight` is assigned, defeating the single-flight\n * guard. Returning `null` here breaks that recursion deterministically.\n */\n async getToken(method: string): Promise<string | null> {\n if (method === TOKEN_ISSUE_METHOD) return null;\n if (!this.authGatedMethods.has(method)) return null;\n\n const cached = this.cached;\n if (cached && this.now() + this.refreshSkewSecs < cached.expiresAt) {\n return cached.token;\n }\n\n const fresh = await this.acquireSingleFlight();\n return fresh.token;\n }\n\n /**\n * Drop the cached token. Next `getToken` call re-acquires.\n * Called by `JsonRpcClient` on wire `auth_expired` responses.\n */\n invalidate(): void {\n this.cached = null;\n // Do NOT clear `inFlight` — a concurrent acquire is still valid;\n // the invalidator is saying \"the cached token is bad\", not \"any\n // in-flight acquire is bad\". The in-flight acquire will populate\n // a fresh `cached` on completion.\n }\n\n /**\n * Swap in a different transport for subsequent token-issuing calls.\n * Used by the registry when a later caller registers the same\n * `peginTxid` against a different `baseUrl` — the cached token\n * (bound to identity, not transport) stays valid, but future\n * refreshes hit the new URL. An in-flight acquire keeps using the\n * old client (it captured the reference); next call uses the new.\n */\n setClient(client: JsonRpcClient): void {\n this.client = client;\n }\n\n private acquireSingleFlight(): Promise<CachedToken> {\n const existing = this.inFlight;\n if (existing) return existing;\n\n const p = (async () => {\n try {\n const response = await this.client.call<\n { pegin_txid: string; auth_anchor: string },\n CreateDepositorTokenResponse\n >(TOKEN_ISSUE_METHOD, {\n pegin_txid: this.peginTxid,\n auth_anchor: this.authAnchorHex,\n });\n\n verifyServerIdentity({\n proof: response.server_identity,\n pinnedServerPubkey: this.pinnedServerPubkey,\n now: this.now(),\n });\n\n // Validate wire payload before caching so a malformed response\n // from a compromised VP or proxy can't poison the cache with\n // unusable values (non-string token, non-integer expiry, etc.).\n if (typeof response.token !== \"string\" || response.token.length === 0) {\n throw new Error(\n `VpTokenProvider: invalid token in acquire response (expected non-empty string, got ${typeof response.token})`,\n );\n }\n const now = this.now();\n if (\n !Number.isSafeInteger(response.expires_at) ||\n response.expires_at <= now ||\n response.expires_at > MAX_EXPIRES_AT_SECS\n ) {\n throw new Error(\n `VpTokenProvider: invalid expires_at in acquire response (got ${JSON.stringify(response.expires_at)}; must be a safe integer in (${now}, ${MAX_EXPIRES_AT_SECS}])`,\n );\n }\n\n const fresh: CachedToken = {\n token: response.token,\n expiresAt: response.expires_at,\n };\n this.cached = fresh;\n return fresh;\n } finally {\n this.inFlight = null;\n }\n })();\n\n this.inFlight = p;\n return p;\n }\n}\n","/**\n * In-memory registry of {@link VpTokenProvider} instances keyed by\n * the per-vault depositor-signed PegIn tx hash. Module-level\n * singleton, per-tab, never persisted.\n *\n * @module tbv/core/clients/vault-provider/auth/tokenRegistry\n */\n\nimport type { OnChainBtcPubkey } from \"../../eth/types\";\nimport type { JsonRpcClient } from \"../json-rpc-client\";\n\nimport { AUTH_GATED_METHODS } from \"./gatedMethods\";\nimport { VpTokenProvider } from \"./tokenProvider\";\n\nexport interface VpTokenRegistryInput {\n client: JsonRpcClient;\n peginTxid: string;\n authAnchorHex: string;\n pinnedServerPubkey: OnChainBtcPubkey;\n}\n\ninterface RegistryEntry {\n provider: VpTokenProvider;\n authAnchorHex: string;\n pinnedServerPubkey: OnChainBtcPubkey;\n}\n\nexport class VpTokenRegistry {\n private readonly entries = new Map<string, RegistryEntry>();\n\n /**\n * Return the cached `VpTokenProvider` for `peginTxid` if one exists\n * with matching `authAnchorHex` and `pinnedServerPubkey`, otherwise\n * construct and cache a fresh provider. A mismatch on either field\n * throws — silent overwrite would mask derivation drift or VP\n * pubkey rotation.\n */\n getOrCreate(input: VpTokenRegistryInput): VpTokenProvider {\n const existing = this.entries.get(input.peginTxid);\n if (existing) {\n if (existing.authAnchorHex !== input.authAnchorHex) {\n throw new Error(\n `VpTokenRegistry: peginTxid ${input.peginTxid} already bound to authAnchorHex ${existing.authAnchorHex.slice(0, 8)}…; got ${input.authAnchorHex.slice(0, 8)}…`,\n );\n }\n if (existing.pinnedServerPubkey !== input.pinnedServerPubkey) {\n throw new Error(\n `VpTokenRegistry: peginTxid ${input.peginTxid} already bound to pinnedServerPubkey ${existing.pinnedServerPubkey.slice(0, 8)}…; got ${input.pinnedServerPubkey.slice(0, 8)}…`,\n );\n }\n // Refresh the inner transport on every reuse so a VP URL\n // change between calls doesn't leave the cached provider\n // pinned to a dead URL for token refresh.\n existing.provider.setClient(input.client);\n return existing.provider;\n }\n\n const provider = new VpTokenProvider({\n client: input.client,\n peginTxid: input.peginTxid,\n authAnchorHex: input.authAnchorHex,\n pinnedServerPubkey: input.pinnedServerPubkey,\n authGatedMethods: AUTH_GATED_METHODS,\n });\n this.entries.set(input.peginTxid, {\n provider,\n authAnchorHex: input.authAnchorHex,\n pinnedServerPubkey: input.pinnedServerPubkey,\n });\n return provider;\n }\n\n /** Return the cached provider, or `undefined` if none. */\n peek(peginTxid: string): VpTokenProvider | undefined {\n return this.entries.get(peginTxid)?.provider;\n }\n\n /**\n * Evict the entry for `peginTxid`. Idempotent. Called on terminal\n * paths — activation success, user-cancel, or component unmount —\n * so `authAnchorHex` doesn't outlive the deposit session.\n */\n release(peginTxid: string): void {\n this.entries.delete(peginTxid);\n }\n\n /**\n * Wipe every cached entry. Test-only escape hatch — not exposed on\n * the public {@link VpTokenRegistryPublic} singleton type.\n *\n * @internal\n */\n clear(): void {\n this.entries.clear();\n }\n\n get size(): number {\n return this.entries.size;\n }\n}\n\n/**\n * Public surface of the singleton — excludes the test-only `clear`\n * method.\n */\nexport interface VpTokenRegistryPublic {\n getOrCreate(input: VpTokenRegistryInput): VpTokenProvider;\n peek(peginTxid: string): VpTokenProvider | undefined;\n release(peginTxid: string): void;\n readonly size: number;\n}\n\nexport const vpTokenRegistry: VpTokenRegistryPublic = new VpTokenRegistry();\n","/**\n * Build a {@link VaultProviderRpcClient} that auto-attaches CWT\n * bearer tokens on auth-gated methods. Caller pre-derives both the\n * `authAnchorHex` (from the wallet) and the `pinnedServerPubkey`\n * (from the on-chain registry) and hands them in — the SDK has no\n * notion of wallets here.\n *\n * @module tbv/core/clients/vault-provider/auth/createAuthenticatedVpClient\n */\n\nimport type { OnChainBtcPubkey } from \"../../eth/types\";\nimport {\n VaultProviderRpcClient,\n type VaultProviderRpcClientOptions,\n} from \"../api\";\n\nimport { buildInnerTokenClient } from \"./innerTokenClient\";\nimport { vpTokenRegistry } from \"./tokenRegistry\";\n\nexport interface AuthenticatedVpClientConfig {\n /** Base URL of the VP RPC endpoint (already proxied if applicable). */\n baseUrl: string;\n /** Per-vault depositor-signed PegIn tx id (registry cache key). */\n peginTxid: string;\n /** Already-derived 32-byte auth-anchor preimage (64-char hex, no `0x`). */\n authAnchorHex: string;\n /** On-chain VP pubkey, branded so it can only come from the registry reader. */\n pinnedServerPubkey: OnChainBtcPubkey;\n /** Optional outer-client tunables (timeout, retries, headers, etc.). */\n options?: VaultProviderRpcClientOptions;\n}\n\nexport function createAuthenticatedVpClient(\n config: AuthenticatedVpClientConfig,\n): VaultProviderRpcClient {\n const innerTokenClient = buildInnerTokenClient(\n config.baseUrl,\n config.options?.headers,\n );\n\n const tokenProvider = vpTokenRegistry.getOrCreate({\n client: innerTokenClient,\n peginTxid: config.peginTxid,\n authAnchorHex: config.authAnchorHex,\n pinnedServerPubkey: config.pinnedServerPubkey,\n });\n\n return new VaultProviderRpcClient(config.baseUrl, {\n ...config.options,\n tokenProvider,\n });\n}\n","/**\n * Pre-populate {@link vpTokenRegistry} when the caller already has\n * both the auth-anchor preimage and the on-chain VP pubkey. Seeds\n * the cache for a `peginTxid` so a later `createAuthenticatedVpClient`\n * call reuses the cached `VpTokenProvider` instead of rebuilding it.\n *\n * @module tbv/core/clients/vault-provider/auth/primeVpAuth\n */\n\nimport type { OnChainBtcPubkey } from \"../../eth/types\";\n\nimport { buildInnerTokenClient } from \"./innerTokenClient\";\nimport { vpTokenRegistry } from \"./tokenRegistry\";\n\nexport interface PrimeVpAuthInput {\n baseUrl: string;\n peginTxid: string;\n authAnchorHex: string;\n pinnedServerPubkey: OnChainBtcPubkey;\n /** Optional headers forwarded to the inner token client (e.g. gateway auth). */\n headers?: Record<string, string>;\n}\n\nexport function primeVpTokenRegistry(input: PrimeVpAuthInput): void {\n vpTokenRegistry.getOrCreate({\n client: buildInnerTokenClient(input.baseUrl, input.headers),\n peginTxid: input.peginTxid,\n authAnchorHex: input.authAnchorHex,\n pinnedServerPubkey: input.pinnedServerPubkey,\n });\n}\n","/**\n * Contract Address Resolver\n *\n * Resolves ProtocolParams and ApplicationRegistry contract addresses\n * from the BTCVaultRegistry contract. These addresses are needed to\n * construct the SDK's contract readers.\n *\n * @module clients/eth/contract-address-resolver\n */\n\nimport type { Address, PublicClient } from \"viem\";\n\nimport { BTCVaultRegistryABI } from \"../../contracts/abis/BTCVaultRegistry.abi\";\n\nexport interface ProtocolAddresses {\n /** Address of the ProtocolParams contract */\n protocolParams: Address;\n /** Address of the ApplicationRegistry contract */\n applicationRegistry: Address;\n}\n\n/**\n * Resolve ProtocolParams and ApplicationRegistry addresses from BTCVaultRegistry.\n *\n * Uses a single multicall for atomicity and efficiency.\n *\n * @param publicClient - viem PublicClient instance\n * @param btcVaultRegistryAddress - Address of the BTCVaultRegistry contract\n * @returns Resolved contract addresses\n */\nexport async function resolveProtocolAddresses(\n publicClient: PublicClient,\n btcVaultRegistryAddress: Address,\n): Promise<ProtocolAddresses> {\n const [protocolParams, applicationRegistry] = await publicClient.multicall({\n contracts: [\n {\n address: btcVaultRegistryAddress,\n abi: BTCVaultRegistryABI,\n functionName: \"protocolParams\",\n },\n {\n address: btcVaultRegistryAddress,\n abi: BTCVaultRegistryABI,\n functionName: \"applicationRegistry\",\n },\n ],\n allowFailure: false,\n });\n\n return {\n protocolParams: protocolParams as Address,\n applicationRegistry: applicationRegistry as Address,\n };\n}\n","/**\n * Concrete ProtocolParams reader using viem's readContract and multicall.\n *\n * This is an optional utility — callers can use their own implementation\n * of the ProtocolParamsReader interface.\n */\n\nimport type { Address, Hex, PublicClient } from \"viem\";\n\nimport { ProtocolParamsABI } from \"../../contracts/abis/ProtocolParams.abi\";\nimport type {\n PegInConfiguration,\n ProtocolParamsReader,\n TBVProtocolParams,\n VersionedOffchainParams,\n} from \"./types\";\n\n/**\n * Maximum value for a Solidity uint16.\n * PeginLogic.sol casts timelockAssert to uint16, so values above this are invalid.\n */\nconst UINT16_MAX = 65535;\n\n/**\n * Raw shape viem returns for VersionedOffchainParams struct.\n * viem resolves ABI struct outputs to named objects (not tuples).\n */\ninterface RawOffchainParams {\n timelockAssert: bigint;\n timelockChallengeAssert: bigint;\n securityCouncilKeys: readonly Hex[];\n councilQuorum: number;\n feeRate: bigint;\n babeTotalInstances: number;\n babeInstancesToFinalize: number;\n minVpCommissionBps: number;\n tRefund: number;\n tStale: number;\n minPeginFeeRate: bigint;\n proverProgramVersion: number;\n minPrepeginDepth: number;\n}\n\n/** Raw shape viem returns for TBVProtocolParams struct. */\ninterface RawTBVParams {\n minimumPegInAmount: bigint;\n maxPegInAmount: bigint;\n pegInAckTimeout: bigint;\n pegInActivationTimeout: bigint;\n maxHtlcOutputCount: number;\n}\n\n/** Map viem struct result to VersionedOffchainParams. */\nfunction mapOffchainParams(result: RawOffchainParams): VersionedOffchainParams {\n return {\n timelockAssert: result.timelockAssert,\n timelockChallengeAssert: result.timelockChallengeAssert,\n securityCouncilKeys: [...result.securityCouncilKeys],\n councilQuorum: result.councilQuorum,\n feeRate: result.feeRate,\n babeTotalInstances: result.babeTotalInstances,\n babeInstancesToFinalize: result.babeInstancesToFinalize,\n minVpCommissionBps: result.minVpCommissionBps,\n tRefund: result.tRefund,\n tStale: result.tStale,\n minPeginFeeRate: result.minPeginFeeRate,\n proverProgramVersion: result.proverProgramVersion,\n minPrepeginDepth: result.minPrepeginDepth,\n };\n}\n\n/** Map viem struct result to TBVProtocolParams. */\nfunction mapTBVParams(result: RawTBVParams): TBVProtocolParams {\n return {\n minimumPegInAmount: result.minimumPegInAmount,\n maxPegInAmount: result.maxPegInAmount,\n pegInAckTimeout: result.pegInAckTimeout,\n pegInActivationTimeout: result.pegInActivationTimeout,\n maxHtlcOutputCount: result.maxHtlcOutputCount,\n };\n}\n\n/**\n * Derive timelockPegin from timelockAssert.\n *\n * Matches PeginLogic.sol: `uint16(timelockAssert)`.\n * The contract validates `timelockAssert <= type(uint16).max` on write,\n * but we enforce the same bound here to reject invalid values early\n * rather than silently truncating.\n *\n * @throws if timelockAssert exceeds uint16 max (65535)\n */\nfunction deriveTimelockPegin(timelockAssert: bigint): number {\n if (timelockAssert > BigInt(UINT16_MAX)) {\n throw new Error(\n `timelockAssert value ${timelockAssert} exceeds uint16 max (${UINT16_MAX})`,\n );\n }\n return Number(timelockAssert);\n}\n\n/**\n * Concrete protocol params reader using viem.\n *\n * Usage:\n * ```ts\n * const reader = new ViemProtocolParamsReader(publicClient, protocolParamsAddress);\n * const config = await reader.getPegInConfiguration();\n * ```\n */\nexport class ViemProtocolParamsReader implements ProtocolParamsReader {\n constructor(\n private publicClient: PublicClient,\n private contractAddress: Address,\n ) {}\n\n async getTBVProtocolParams(): Promise<TBVProtocolParams> {\n const result = (await this.publicClient.readContract({\n address: this.contractAddress,\n abi: ProtocolParamsABI,\n functionName: \"getTBVProtocolParams\",\n })) as RawTBVParams;\n\n return mapTBVParams(result);\n }\n\n async getLatestOffchainParams(): Promise<VersionedOffchainParams> {\n const result = (await this.publicClient.readContract({\n address: this.contractAddress,\n abi: ProtocolParamsABI,\n functionName: \"getLatestOffchainParams\",\n })) as RawOffchainParams;\n\n return mapOffchainParams(result);\n }\n\n async getOffchainParamsByVersion(\n version: number,\n ): Promise<VersionedOffchainParams> {\n const result = (await this.publicClient.readContract({\n address: this.contractAddress,\n abi: ProtocolParamsABI,\n functionName: \"getOffchainParamsByVersion\",\n args: [version],\n })) as RawOffchainParams;\n\n return mapOffchainParams(result);\n }\n\n async getLatestOffchainParamsVersion(): Promise<number> {\n const result = (await this.publicClient.readContract({\n address: this.contractAddress,\n abi: ProtocolParamsABI,\n functionName: \"latestOffchainParamsVersion\",\n })) as number;\n\n return result;\n }\n\n async getTimelockPeginByVersion(version: number): Promise<number> {\n const params = await this.getOffchainParamsByVersion(version);\n return deriveTimelockPegin(params.timelockAssert);\n }\n\n /**\n * Read TBV protocol params and latest offchain params atomically via multicall.\n * Prevents TOCTOU inconsistency if governance updates params between reads.\n */\n async getPegInConfiguration(): Promise<PegInConfiguration> {\n const results = await this.publicClient.multicall({\n contracts: [\n {\n address: this.contractAddress,\n abi: ProtocolParamsABI,\n functionName: \"getTBVProtocolParams\",\n },\n {\n address: this.contractAddress,\n abi: ProtocolParamsABI,\n functionName: \"getLatestOffchainParams\",\n },\n ],\n allowFailure: false,\n });\n\n const tbvParams = mapTBVParams(results[0] as RawTBVParams);\n const offchainParams = mapOffchainParams(results[1] as RawOffchainParams);\n\n return {\n minimumPegInAmount: tbvParams.minimumPegInAmount,\n maxPegInAmount: tbvParams.maxPegInAmount,\n pegInAckTimeout: tbvParams.pegInAckTimeout,\n pegInActivationTimeout: tbvParams.pegInActivationTimeout,\n maxHtlcOutputCount: tbvParams.maxHtlcOutputCount,\n timelockPegin: deriveTimelockPegin(offchainParams.timelockAssert),\n timelockRefund: offchainParams.tRefund,\n minVpCommissionBps: offchainParams.minVpCommissionBps,\n offchainParams,\n };\n }\n}\n","/**\n * Concrete signer-set readers for vault keepers and universal challengers.\n *\n * These are optional utilities — callers can use their own implementations\n * of the VaultKeeperReader and UniversalChallengerReader interfaces.\n */\n\nimport type { Address, Hex, PublicClient } from \"viem\";\n\nimport { ApplicationRegistryABI } from \"../../contracts/abis/ApplicationRegistry.abi\";\nimport { ProtocolParamsABI } from \"../../contracts/abis/ProtocolParams.abi\";\nimport type {\n AddressBTCKeyPair,\n UniversalChallengerReader,\n VaultKeeperReader,\n} from \"./types\";\n\n/** Map viem tuple array to AddressBTCKeyPair[]. */\nfunction mapKeyPairs(\n result: readonly { ethAddress: Address; btcPubKey: Hex }[],\n): AddressBTCKeyPair[] {\n return result.map((pair) => ({\n ethAddress: pair.ethAddress,\n btcPubKey: pair.btcPubKey,\n }));\n}\n\n/**\n * Reads vault keepers from the ApplicationRegistry contract.\n *\n * Usage:\n * ```ts\n * const reader = new ViemVaultKeeperReader(publicClient, applicationRegistryAddress);\n * const keepers = await reader.getCurrentVaultKeepers(appEntryPoint);\n * ```\n */\nexport class ViemVaultKeeperReader implements VaultKeeperReader {\n constructor(\n private publicClient: PublicClient,\n private contractAddress: Address,\n ) {}\n\n async getVaultKeepersByVersion(\n appEntryPoint: Address,\n version: number,\n ): Promise<AddressBTCKeyPair[]> {\n const result = (await this.publicClient.readContract({\n address: this.contractAddress,\n abi: ApplicationRegistryABI,\n functionName: \"getVaultKeepersByVersion\",\n args: [appEntryPoint, version],\n })) as readonly { ethAddress: Address; btcPubKey: Hex }[];\n\n return mapKeyPairs(result);\n }\n\n async getCurrentVaultKeepers(\n appEntryPoint: Address,\n ): Promise<AddressBTCKeyPair[]> {\n const result = (await this.publicClient.readContract({\n address: this.contractAddress,\n abi: ApplicationRegistryABI,\n functionName: \"getCurrentVaultKeepers\",\n args: [appEntryPoint],\n })) as readonly { ethAddress: Address; btcPubKey: Hex }[];\n\n return mapKeyPairs(result);\n }\n\n async getCurrentVaultKeepersVersion(\n appEntryPoint: Address,\n ): Promise<number> {\n const result = (await this.publicClient.readContract({\n address: this.contractAddress,\n abi: ApplicationRegistryABI,\n functionName: \"getCurrentVaultKeepersVersion\",\n args: [appEntryPoint],\n })) as number;\n\n return result;\n }\n}\n\n/**\n * Reads universal challengers from the ProtocolParams contract.\n *\n * Usage:\n * ```ts\n * const reader = new ViemUniversalChallengerReader(publicClient, protocolParamsAddress);\n * const challengers = await reader.getCurrentUniversalChallengers();\n * ```\n */\nexport class ViemUniversalChallengerReader implements UniversalChallengerReader {\n constructor(\n private publicClient: PublicClient,\n private contractAddress: Address,\n ) {}\n\n async getUniversalChallengersByVersion(\n version: number,\n ): Promise<AddressBTCKeyPair[]> {\n const result = (await this.publicClient.readContract({\n address: this.contractAddress,\n abi: ProtocolParamsABI,\n functionName: \"getUniversalChallengersByVersion\",\n args: [version],\n })) as readonly { ethAddress: Address; btcPubKey: Hex }[];\n\n return mapKeyPairs(result);\n }\n\n async getCurrentUniversalChallengers(): Promise<AddressBTCKeyPair[]> {\n const result = (await this.publicClient.readContract({\n address: this.contractAddress,\n abi: ProtocolParamsABI,\n functionName: \"getCurrentUniversalChallengers\",\n })) as readonly { ethAddress: Address; btcPubKey: Hex }[];\n\n return mapKeyPairs(result);\n }\n\n async getLatestUniversalChallengersVersion(): Promise<number> {\n const result = (await this.publicClient.readContract({\n address: this.contractAddress,\n abi: ProtocolParamsABI,\n functionName: \"latestUniversalChallengersVersion\",\n })) as number;\n\n return result;\n }\n}\n","/**\n * Concrete BTCVaultRegistry reader using viem's readContract.\n *\n * This is an optional utility — callers can use their own implementation\n * of the VaultRegistryReader interface.\n */\n\nimport * as ecc from \"@bitcoin-js/tiny-secp256k1-asmjs\";\nimport type { Address, Hex, PublicClient } from \"viem\";\n\nimport { hexToUint8Array } from \"../../primitives/utils/bitcoin\";\nimport { BTCVaultRegistryABI } from \"../../contracts/abis/BTCVaultRegistry.abi\";\nimport type {\n OnChainBtcPubkey,\n VaultBasicInfo,\n VaultData,\n VaultProtocolInfo,\n VaultRegistryReader,\n} from \"./types\";\n\n/**\n * Concrete vault registry reader using viem.\n *\n * Usage:\n * ```ts\n * const reader = new ViemVaultRegistryReader(publicClient, registryAddress);\n * const data = await reader.getVaultData(vaultId);\n * ```\n */\nexport class ViemVaultRegistryReader implements VaultRegistryReader {\n constructor(\n private publicClient: PublicClient,\n private contractAddress: Address,\n ) {}\n\n /**\n * Read the VP's persistent x-only BTC pubkey from the on-chain\n * registry. Validates length, hex form, and secp256k1 curve\n * membership before minting the brand. Returns 64-char lowercase\n * hex without the `0x` prefix.\n */\n async getVaultProviderBtcPubKey(\n vpAddress: Address,\n ): Promise<OnChainBtcPubkey> {\n const result = (await this.publicClient.readContract({\n address: this.contractAddress,\n abi: BTCVaultRegistryABI,\n functionName: \"getVaultProviderBTCKey\",\n args: [vpAddress],\n })) as Hex;\n const lowered = result.toLowerCase();\n if (!/^0x[0-9a-f]{64}$/.test(lowered)) {\n throw new Error(\n `getVaultProviderBTCKey returned an unexpected value (vp=${vpAddress}, length ${lowered.length}, prefix \"${lowered.slice(0, 2)}\")`,\n );\n }\n const stripped = lowered.slice(2);\n if (!ecc.isXOnlyPoint(hexToUint8Array(stripped))) {\n throw new Error(\n `getVaultProviderBTCKey returned a value that is not on the secp256k1 curve (vp=${vpAddress})`,\n );\n }\n return stripped as OnChainBtcPubkey;\n }\n\n async getVaultBasicInfo(vaultId: Hex): Promise<VaultBasicInfo> {\n const result = (await this.publicClient.readContract({\n address: this.contractAddress,\n abi: BTCVaultRegistryABI,\n functionName: \"getBtcVaultBasicInfo\",\n args: [vaultId],\n })) as {\n depositor: Address;\n depositorBtcPubKey: Hex;\n amount: bigint;\n vaultProvider: Address;\n status: number;\n applicationEntryPoint: Address;\n createdAt: bigint;\n };\n\n return {\n depositor: result.depositor,\n depositorBtcPubKey: result.depositorBtcPubKey,\n amount: result.amount,\n vaultProvider: result.vaultProvider,\n status: result.status,\n applicationEntryPoint: result.applicationEntryPoint,\n createdAt: result.createdAt,\n };\n }\n\n async getVaultProtocolInfo(vaultId: Hex): Promise<VaultProtocolInfo> {\n const result = (await this.publicClient.readContract({\n address: this.contractAddress,\n abi: BTCVaultRegistryABI,\n functionName: \"getBtcVaultProtocolInfo\",\n args: [vaultId],\n })) as {\n depositorSignedPeginTx: Hex;\n universalChallengersVersion: number;\n appVaultKeepersVersion: number;\n offchainParamsVersion: number;\n verifiedAt: bigint;\n depositorWotsPkHash: Hex;\n hashlock: Hex;\n htlcVout: number;\n depositorPopSignature: Hex;\n prePeginTxHash: Hex;\n vaultProviderCommissionBps: number;\n };\n\n return {\n depositorSignedPeginTx: result.depositorSignedPeginTx,\n universalChallengersVersion: result.universalChallengersVersion,\n appVaultKeepersVersion: result.appVaultKeepersVersion,\n offchainParamsVersion: result.offchainParamsVersion,\n verifiedAt: result.verifiedAt,\n depositorWotsPkHash: result.depositorWotsPkHash,\n hashlock: result.hashlock,\n htlcVout: result.htlcVout,\n depositorPopSignature: result.depositorPopSignature,\n prePeginTxHash: result.prePeginTxHash,\n vaultProviderCommissionBps: result.vaultProviderCommissionBps,\n };\n }\n\n async getVaultData(vaultId: Hex): Promise<VaultData> {\n const [basic, protocol] = await Promise.all([\n this.getVaultBasicInfo(vaultId),\n this.getVaultProtocolInfo(vaultId),\n ]);\n\n if (\n !protocol.depositorSignedPeginTx ||\n protocol.depositorSignedPeginTx === \"0x\"\n ) {\n throw new Error(\n `Vault ${vaultId} not found on-chain or has no pegin transaction`,\n );\n }\n\n return { basic, protocol };\n }\n}\n"],"names":["MAX_SATOSHIS","MEMPOOL_REQUEST_TIMEOUT_MS","fetchWithTimeout","url","options","controller","timeoutId","signals","error","MAX_FEE_RATE","isValidSatoshiValue","value","isValidFeeRate","isValidVout","vout","outputCount","assertValidTxid","txid","TXID_RE","assertValidAddress","address","BITCOIN_ADDRESS_RE","assertValidScriptPubKey","scriptPubKey","context","HEX_RE","KNOWN_SCRIPT_PREFIXES","prefix","MEMPOOL_API_URLS","fetchApi","response","errorText","contentType","pushTx","txHex","apiUrl","message","getTxInfo","getTxHex","getUtxoInfo","txInfo","output","getAddressUtxos","utxos","addressInfo","utxo","a","b","getMempoolApiUrl","network","getAddressTxs","getNetworkFees","data","feeFields","field","ApplicationRegistryABI","ProtocolParamsABI","DAEMON_STATUS_VALUES","DaemonStatus","VP_ERROR_PREVIEW_MAX_LEN","preview","_a","VP_VALIDATION_USER_MESSAGE","VpResponseValidationError","detail","__publicField","TXID_HEX_LEN","isNonEmptyHex","isNonEmptyString","assertNonEmptyHex","assertNonEmptyString","assertBtcPubkey","X_ONLY_PUBKEY_HEX_LEN","COMPRESSED_PUBKEY_HEX_LEN","validatePresigningProgressFields","progress","presigning","p","validateGetPeginStatusResponse","r","validateRequestDepositorPresignTransactionsResponse","i","validateClaimerTransactions","validateDepositorGraphTransactions","validateTransactionData","tx","validateChallengeAssertConnectorData","c","validatePresignDataPerChallenger","d","validateRequestDepositorClaimerArtifactsResponse","key","session","s","validateGetPegoutStatusResponse","claimer","challenger","graph","DEFAULT_TIMEOUT_MS","VaultProviderRpcClient","baseUrl","config","JsonRpcClient","params","signal","BIP322_TAG","TAPTWEAK_TAG","X_ONLY_PUBKEY_SIZE","SCHNORR_SIG_SIZE","taggedHash","tag","tagBytes","tagHash","sha256","preimage","tweakXOnlyKey","xOnly","tweak","tweaked","ecc","verifyBip322Simple","messageBytes","xOnlyPubkey","signature","messageHash","p2tr","payments","Buffer","ZERO_SATS","toSpend","Transaction","scriptSig","toSign","toSpendTxid","sighash","tweakedXOnly","cborHead","major","arg","n","v","out","concat","parts","total","offset","encodeBytesAsArrayOfU8","bytes","items","encodeServerIdentityPayload","domain","ephemeralPubkeyCompressed","expiresAt","arrayHeader","domainBytes","pubkeyBytes","expiresAtBytes","SERVER_IDENTITY_DOMAIN","ServerIdentityError","reason","hexToBytes","hex","verifyServerIdentity","input","proof","pinnedServerPubkey","now","pinned","stripHexPrefix","actual","eph","ephBytes","sig","SCHNORR_SIG_HEX_LEN","payload","AUTH_GATED_METHODS","TOKEN_RPC_TIMEOUT_MS","TOKEN_ISSUE_METHOD","buildInnerTokenClient","headers","method","MAX_EXPIRES_AT_SECS","DEFAULT_REFRESH_SKEW_SECS","VpTokenProvider","cached","client","existing","fresh","VpTokenRegistry","provider","peginTxid","vpTokenRegistry","createAuthenticatedVpClient","innerTokenClient","tokenProvider","primeVpTokenRegistry","resolveProtocolAddresses","publicClient","btcVaultRegistryAddress","protocolParams","applicationRegistry","BTCVaultRegistryABI","UINT16_MAX","mapOffchainParams","result","mapTBVParams","deriveTimelockPegin","timelockAssert","ViemProtocolParamsReader","contractAddress","version","results","tbvParams","offchainParams","mapKeyPairs","pair","ViemVaultKeeperReader","appEntryPoint","ViemUniversalChallengerReader","ViemVaultRegistryReader","vpAddress","lowered","stripped","hexToUint8Array","vaultId","basic","protocol"],"mappings":";;;;;;;;;;AAmBA,MAAMA,KAAe,OAAa,KAG5BC,IAA6B;AAMnC,eAAeC,EACbC,GACAC,GACmB;AACnB,QAAMC,IAAa,IAAI,gBAAA,GACjBC,IAAY;AAAA,IAChB,MAAMD,EAAW,MAAA;AAAA,IACjBJ;AAAA,EAAA,GAIIM,IAAU,CAACF,EAAW,QAAQD,KAAA,gBAAAA,EAAS,MAAM,EAAE;AAAA,IACnD;AAAA,EAAA;AAGF,MAAI;AAEF,WAAO,MAAM,MAAMD,GAAK;AAAA,MACtB,GAAGC;AAAA,MACH,QAAQ,YAAY,IAAIG,CAAO;AAAA,IAAA,CAChC;AAAA,EACH,SAASC,GAAO;AAEd,UADA,aAAaF,CAAS,GAEpBE,KAAS,QACT,OAAOA,KAAU,YACjB,UAAUA,KACVA,EAAM,SAAS,eAET,IAAI;AAAA,MACR,uCAAuCP,CAA0B,OAAOE,CAAG;AAAA,IAAA,IAGzEK;AAAA,EACR;AACF;AAMA,MAAMC,IAAe;AAErB,SAASC,EAAoBC,GAAwB;AACnD,SAAO,OAAO,UAAUA,CAAK,KAAKA,IAAQ,KAAKA,KAASX;AAC1D;AAEA,SAASY,GAAeD,GAAwB;AAC9C,SAAO,OAAO,UAAUA,CAAK,KAAKA,IAAQ,KAAKA,KAASF;AAC1D;AAEA,SAASI,EAAYC,GAAcC,GAA+B;AAChE,SAAI,CAAC,OAAO,UAAUD,CAAI,KAAKA,IAAO,IAAU,KACzCC,MAAgB,UAAaD,IAAOC;AAC7C;AAGA,SAASC,EAAgBC,GAAoB;AAC3C,MAAI,CAACC,GAAQ,KAAKD,CAAI;AACpB,UAAM,IAAI,MAAM,kCAAkCA,CAAI,EAAE;AAE5D;AAEA,SAASE,EAAmBC,GAAuB;AACjD,MAAI,CAACC,GAAmB,KAAKD,CAAO;AAClC,UAAM,IAAI,MAAM,mCAAmCA,CAAO,EAAE;AAEhE;AAEA,SAASE,EAAwBC,GAAsBC,GAAuB;AAC5E,MAAI,CAACC,EAAO,KAAKF,CAAY;AAC3B,UAAM,IAAI;AAAA,MACR,2CAA2CC,CAAO;AAAA,IAAA;AAMtD,MAAI,CAHqBE,GAAsB;AAAA,IAAK,CAACC,MACnDJ,EAAa,YAAA,EAAc,WAAWI,CAAM;AAAA,EAAA;AAG5C,UAAM,IAAI;AAAA,MACR,sCAAsCH,CAAO,YACjCD,EAAa,MAAM,GAAG,CAAC,CAAC;AAAA,IAAA;AAG1C;AAKO,MAAMK,KAAmB;AAAA,EAC9B,SAAS;AAAA,EACT,SAAS;AAAA,EACT,QAAQ;AACV;AAKA,eAAeC,EACb1B,GACAC,GACY;AACZ,MAAI;AACF,UAAM0B,IAAW,MAAM5B,EAAiBC,GAAKC,CAAO;AAEpD,QAAI,CAAC0B,EAAS,IAAI;AAChB,YAAMC,IAAY,MAAMD,EAAS,KAAA;AACjC,YAAM,IAAI;AAAA,QACR,sBAAsBA,EAAS,MAAM,MAAMC,KAAaD,EAAS,UAAU;AAAA,MAAA;AAAA,IAE/E;AAEA,UAAME,IAAcF,EAAS,QAAQ,IAAI,cAAc;AACvD,WAAIE,KAAA,QAAAA,EAAa,SAAS,sBAChB,MAAMF,EAAS,KAAA,IAEf,MAAMA,EAAS,KAAA;AAAA,EAE3B,SAAStB,GAAO;AACd,UAAIA,aAAiB,QACb,IAAI,MAAM,qCAAqCA,EAAM,OAAO,EAAE,IAEhE,IAAI,MAAM,iDAAiD;AAAA,EACnE;AACF;AAUA,eAAsByB,GAAOC,GAAeC,GAAiC;AAC3E,MAAI;AACF,UAAML,IAAW,MAAM5B,EAAiB,GAAGiC,CAAM,OAAO;AAAA,MACtD,QAAQ;AAAA,MACR,MAAMD;AAAA,MACN,SAAS;AAAA,QACP,gBAAgB;AAAA,MAAA;AAAA,IAClB,CACD;AAED,QAAI,CAACJ,EAAS,IAAI;AAChB,YAAMC,IAAY,MAAMD,EAAS,KAAA;AAEjC,UAAIM;AACJ,UAAI;AAEF,QAAAA,IADkB,KAAK,MAAML,CAAS,EAClB;AAAA,MACtB,QAAQ;AAEN,QAAAK,IAAUL;AAAA,MACZ;AACA,YAAM,IAAI;AAAA,QACRK,KAAW,oCAAoCN,EAAS,UAAU;AAAA,MAAA;AAAA,IAEtE;AAIA,WADa,MAAMA,EAAS,KAAA;AAAA,EAE9B,SAAStB,GAAO;AACd,UAAIA,aAAiB,QACb,IAAI,MAAM,wCAAwCA,EAAM,OAAO,EAAE,IAEnE,IAAI,MAAM,oDAAoD;AAAA,EACtE;AACF;AASA,eAAsB6B,GAAUpB,GAAckB,GAAiC;AAC7E,SAAAnB,EAAgBC,CAAI,GACbY,EAAiB,GAAGM,CAAM,OAAOlB,CAAI,EAAE;AAChD;AAUA,eAAsBqB,GAASrB,GAAckB,GAAiC;AAC5E,EAAAnB,EAAgBC,CAAI;AACpB,MAAI;AACF,UAAMa,IAAW,MAAM5B,EAAiB,GAAGiC,CAAM,OAAOlB,CAAI,MAAM;AAElE,QAAI,CAACa,EAAS,IAAI;AAChB,YAAMC,IAAY,MAAMD,EAAS,KAAA;AACjC,YAAM,IAAI;AAAA,QACR,sBAAsBA,EAAS,MAAM,MAAMC,KAAaD,EAAS,UAAU;AAAA,MAAA;AAAA,IAE/E;AAEA,WAAO,MAAMA,EAAS,KAAA;AAAA,EACxB,SAAStB,GAAO;AACd,UAAIA,aAAiB,QACb,IAAI,MAAM,qCAAqCS,CAAI,KAAKT,EAAM,OAAO,EAAE,IAEzE,IAAI,MAAM,qCAAqCS,CAAI,iBAAiB;AAAA,EAC5E;AACF;AAaA,eAAsBsB,GACpBtB,GACAH,GACAqB,GACmB;AACnB,EAAAnB,EAAgBC,CAAI;AACpB,QAAMuB,IAAS,MAAMH,GAAUpB,GAAMkB,CAAM;AAE3C,MAAI,CAACtB,EAAYC,GAAM0B,EAAO,KAAK,MAAM;AACvC,UAAM,IAAI;AAAA,MACR,gBAAgB1B,CAAI,oBAAoBG,CAAI,SAASuB,EAAO,KAAK,MAAM;AAAA,IAAA;AAI3E,QAAMC,IAASD,EAAO,KAAK1B,CAAI;AAC/B,MAAI,CAACJ,EAAoB+B,EAAO,KAAK;AACnC,UAAM,IAAI,MAAM,sBAAsBA,EAAO,KAAK,QAAQxB,CAAI,IAAIH,CAAI,EAAE;AAE1E,SAAAQ,EAAwBmB,EAAO,cAAc,GAAGxB,CAAI,IAAIH,CAAI,EAAE,GAEvD;AAAA,IACL,MAAAG;AAAA,IACA,MAAAH;AAAA,IACA,OAAO2B,EAAO;AAAA,IACd,cAAcA,EAAO;AAAA,EAAA;AAEzB;AASA,eAAsBC,GACpBtB,GACAe,GACwB;AACxB,EAAAhB,EAAmBC,CAAO;AAC1B,MAAI;AAEF,UAAMuB,IAAQ,MAAMd,EASlB,GAAGM,CAAM,YAAYf,CAAO,OAAO,GAG/BwB,IAAc,MAAMf,EAGvB,GAAGM,CAAM,wBAAwBf,CAAO,EAAE;AAE7C,QAAI,CAACwB,EAAY;AACf,YAAM,IAAI;AAAA,QACR,4BAA4BxB,CAAO;AAAA,MAAA;AAGvC,IAAAE,EAAwBsB,EAAY,cAAcxB,CAAO;AAQzD,eAAWyB,KAAQF,GAAO;AAExB,UADA3B,EAAgB6B,EAAK,IAAI,GACrB,CAAChC,EAAYgC,EAAK,IAAI;AACxB,cAAM,IAAI,MAAM,gBAAgBA,EAAK,IAAI,QAAQA,EAAK,IAAI,EAAE;AAE9D,UAAI,CAACnC,EAAoBmC,EAAK,KAAK;AACjC,cAAM,IAAI;AAAA,UACR,sBAAsBA,EAAK,KAAK,QAAQA,EAAK,IAAI,IAAIA,EAAK,IAAI;AAAA,QAAA;AAAA,IAGpE;AAKA,WAFoBF,EAAM,KAAK,CAACG,GAAGC,MAAMA,EAAE,QAAQD,EAAE,KAAK,EAEvC,IAAI,CAACD,OAAU;AAAA,MAChC,MAAMA,EAAK;AAAA,MACX,MAAMA,EAAK;AAAA,MACX,OAAOA,EAAK;AAAA,MACZ,cAAcD,EAAY;AAAA,MAC1B,WAAWC,EAAK,OAAO;AAAA,IAAA,EACvB;AAAA,EACJ,SAASrC,GAAO;AACd,UAAIA,aAAiB,QACb,IAAI;AAAA,MACR,mCAAmCY,CAAO,KAAKZ,EAAM,OAAO;AAAA,IAAA,IAG1D,IAAI;AAAA,MACR,mCAAmCY,CAAO;AAAA,IAAA;AAAA,EAE9C;AACF;AAQO,SAAS4B,GACdC,GACQ;AACR,SAAOrB,GAAiBqB,CAAO;AACjC;AAuBA,eAAsBC,GACpB9B,GACAe,GACsB;AACtB,SAAAhB,EAAmBC,CAAO,GACnBS,EAAsB,GAAGM,CAAM,YAAYf,CAAO,MAAM;AACjE;AAWA,eAAsB+B,GAAehB,GAAsC;AACzE,QAAML,IAAW,MAAM5B,EAAiB,GAAGiC,CAAM,sBAAsB;AAEvE,MAAI,CAACL,EAAS;AACZ,UAAM,IAAI;AAAA,MACR,iCAAiCA,EAAS,MAAM,IAAIA,EAAS,UAAU;AAAA,IAAA;AAI3E,QAAMsB,IAAO,MAAMtB,EAAS,KAAA,GAEtBuB,IAAY;AAAA,IAChB;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EAAA;AAGF,aAAWC,KAASD;AAClB,QAAI,CAACzC,GAAewC,EAAKE,CAAK,CAAC;AAC7B,YAAM,IAAI;AAAA,QACR,oBAAoBA,CAAK,IAAIF,EAAKE,CAAK,CAAC,mDAAmD7C,CAAY;AAAA,MAAA;AAK7G,MACE2C,EAAK,aAAaA,EAAK,cACvBA,EAAK,aAAaA,EAAK,WACvBA,EAAK,UAAUA,EAAK,eACpBA,EAAK,cAAcA,EAAK;AAExB,UAAM,IAAI;AAAA,MACR,sEACiBA,EAAK,UAAU,oBAAoBA,EAAK,UAAU,iBACrDA,EAAK,OAAO,qBAAqBA,EAAK,WAAW,oBAC9CA,EAAK,UAAU;AAAA,IAAA;AAIpC,SAAOA;AACT;ACxbO,MAAMG,IAAyB;AAAA,EACpC;AAAA,IACE,MAAM;AAAA,IACN,MAAM;AAAA,IACN,QAAQ;AAAA,MACN;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,cAAc;AAAA,MAAA;AAAA,MAEhB;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,cAAc;AAAA,MAAA;AAAA,IAChB;AAAA,IAEF,SAAS;AAAA,MACP;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,cAAc;AAAA,QACd,YAAY;AAAA,UACV;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,QAChB;AAAA,MACF;AAAA,IACF;AAAA,IAEF,iBAAiB;AAAA,EAAA;AAAA,EAEnB;AAAA,IACE,MAAM;AAAA,IACN,MAAM;AAAA,IACN,QAAQ;AAAA,MACN;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,cAAc;AAAA,MAAA;AAAA,IAChB;AAAA,IAEF,SAAS;AAAA,MACP;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,cAAc;AAAA,QACd,YAAY;AAAA,UACV;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,QAChB;AAAA,MACF;AAAA,IACF;AAAA,IAEF,iBAAiB;AAAA,EAAA;AAAA,EAEnB;AAAA,IACE,MAAM;AAAA,IACN,MAAM;AAAA,IACN,QAAQ;AAAA,MACN;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,cAAc;AAAA,MAAA;AAAA,IAChB;AAAA,IAEF,SAAS;AAAA,MACP;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,cAAc;AAAA,MAAA;AAAA,IAChB;AAAA,IAEF,iBAAiB;AAAA,EAAA;AAErB,GCvFaC,IAAoB;AAAA,EAC/B;AAAA,IACE,MAAM;AAAA,IACN,MAAM;AAAA,IACN,QAAQ,CAAA;AAAA,IACR,SAAS;AAAA,MACP;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,cAAc;AAAA,QACd,YAAY;AAAA,UACV;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,QAChB;AAAA,MACF;AAAA,IACF;AAAA,IAEF,iBAAiB;AAAA,EAAA;AAAA,EAEnB;AAAA,IACE,MAAM;AAAA,IACN,MAAM;AAAA,IACN,QAAQ,CAAA;AAAA,IACR,SAAS;AAAA,MACP;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,cAAc;AAAA,QACd,YAAY;AAAA,UACV;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,QAChB;AAAA,MACF;AAAA,IACF;AAAA,IAEF,iBAAiB;AAAA,EAAA;AAAA,EAEnB;AAAA,IACE,MAAM;AAAA,IACN,MAAM;AAAA,IACN,QAAQ;AAAA,MACN;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,cAAc;AAAA,MAAA;AAAA,IAChB;AAAA,IAEF,SAAS;AAAA,MACP;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,cAAc;AAAA,QACd,YAAY;AAAA,UACV;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,QAChB;AAAA,MACF;AAAA,IACF;AAAA,IAEF,iBAAiB;AAAA,EAAA;AAAA,EAEnB;AAAA,IACE,MAAM;AAAA,IACN,MAAM;AAAA,IACN,QAAQ,CAAA;AAAA,IACR,SAAS;AAAA,MACP;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,cAAc;AAAA,MAAA;AAAA,IAChB;AAAA,IAEF,iBAAiB;AAAA,EAAA;AAAA,EAEnB;AAAA,IACE,MAAM;AAAA,IACN,MAAM;AAAA,IACN,QAAQ;AAAA,MACN;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,cAAc;AAAA,MAAA;AAAA,IAChB;AAAA,IAEF,SAAS;AAAA,MACP;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,cAAc;AAAA,QACd,YAAY;AAAA,UACV;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,QAChB;AAAA,MACF;AAAA,IACF;AAAA,IAEF,iBAAiB;AAAA,EAAA;AAAA,EAEnB;AAAA,IACE,MAAM;AAAA,IACN,MAAM;AAAA,IACN,QAAQ,CAAA;AAAA,IACR,SAAS;AAAA,MACP;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,cAAc;AAAA,QACd,YAAY;AAAA,UACV;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,QAChB;AAAA,MACF;AAAA,IACF;AAAA,IAEF,iBAAiB;AAAA,EAAA;AAAA,EAEnB;AAAA,IACE,MAAM;AAAA,IACN,MAAM;AAAA,IACN,QAAQ,CAAA;AAAA,IACR,SAAS;AAAA,MACP;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,cAAc;AAAA,MAAA;AAAA,IAChB;AAAA,IAEF,iBAAiB;AAAA,EAAA;AAErB,GCjRMC,IAAuB,IAAI,IAAY,OAAO,OAAOC,EAAY,CAAC,GAElEC,KAA2B;AAEjC,SAASC,EAAQjD,GAAwB;;AACvC,WACEkD,IAAA,KAAK,UAAUlD,CAAK,MAApB,gBAAAkD,EAAuB,MAAM,GAAGF,QAA6B;AAEjE;AAEA,MAAMG,KACJ;AAQK,MAAMC,UAAkC,MAAM;AAAA,EAGnD,YAAYC,GAAgB;AAC1B,UAAMF,EAA0B;AAHzB,IAAAG,EAAA;AAIP,SAAK,OAAO,6BACZ,KAAK,SAASD;AAAA,EAChB;AACF;AAGA,MAAME,IAAe;AAErB,SAASC,EAAcxD,GAAiC;AACtD,SAAO,OAAOA,KAAU,YAAYA,EAAM,SAAS,KAAKc,EAAO,KAAKd,CAAK;AAC3E;AAEA,SAASyD,EAAiBzD,GAAiC;AACzD,SAAO,OAAOA,KAAU,YAAYA,EAAM,SAAS;AACrD;AAEA,SAAS0D,GAAkB1D,GAAgB2C,GAAqB;AAC9D,MAAI,CAACa,EAAcxD,CAAK;AACtB,UAAM,IAAIoD;AAAA,MACR,mCAAmCT,CAAK,yCAAyCM,EAAQjD,CAAK,CAAC;AAAA,IAAA;AAGrG;AAEA,SAAS2D,EAAqB3D,GAAgB2C,GAAqB;AACjE,MAAI,CAACc,EAAiBzD,CAAK;AACzB,UAAM,IAAIoD;AAAA,MACR,mCAAmCT,CAAK,qCAAqCM,EAAQjD,CAAK,CAAC;AAAA,IAAA;AAGjG;AAMA,SAAS4D,GAAgB5D,GAAgB2C,GAAqB;AAC5D,MACE,CAACa,EAAcxD,CAAK,KACnBA,EAAM,WAAW6D,KAChB7D,EAAM,WAAW8D;AAEnB,UAAM,IAAIV;AAAA,MACR,mCAAmCT,CAAK,eAAekB,CAAqB,OAAOC,CAAyB,sCAAsCb,EAAQjD,CAAK,CAAC;AAAA,IAAA;AAGtK;AAKA,SAAS+D,GACPC,GACM;AACN,QAAMC,IAAaD,EAAS;AAC5B,MAAgCC,KAAe,KAAM;AACrD,MAAI,OAAOA,KAAe,YAAY,MAAM,QAAQA,CAAU;AAC5D,UAAM,IAAIb;AAAA,MACR;AAAA,IAAA;AAIJ,QAAMc,IAAID;AAEV,MACEC,EAAE,4BAA4B,UAC9B,OAAOA,EAAE,2BAA4B;AAErC,UAAM,IAAId;AAAA,MACR,kHAAkHH,EAAQiB,EAAE,uBAAuB,CAAC;AAAA,IAAA;AAIxJ,MACEA,EAAE,uCAAuC,UACzC,OAAOA,EAAE,sCAAuC;AAEhD,UAAM,IAAId;AAAA,MACR,4HAA4HH,EAAQiB,EAAE,kCAAkC,CAAC;AAAA,IAAA;AAI7K,MACEA,EAAE,mCAAmC,UACrC,OAAOA,EAAE,kCAAmC;AAE5C,UAAM,IAAId;AAAA,MACR,wHAAwHH,EAAQiB,EAAE,8BAA8B,CAAC;AAAA,IAAA;AAGvK;AAOO,SAASC,GACdhD,GAC4C;AAC5C,MAAIA,MAAa,QAAQ,OAAOA,KAAa;AAC3C,UAAM,IAAIiC;AAAA,MACR;AAAA,IAAA;AAIJ,QAAMgB,IAAIjD;AAEV,MAAI,CAACqC,EAAcY,EAAE,UAAU,KAAKA,EAAE,WAAW,WAAWb;AAC1D,UAAM,IAAIH;AAAA,MACR,yDAAyDG,CAAY,gCAAgCN,EAAQmB,EAAE,UAAU,CAAC;AAAA,IAAA;AAI9H,MAAI,OAAOA,EAAE,UAAW;AACtB,UAAM,IAAIhB;AAAA,MACR;AAAA,IAAA;AAIJ,MAAI,CAACN,EAAqB,IAAIsB,EAAE,MAAM;AACpC,UAAM,IAAIhB;AAAA,MACR,uDAAuDgB,EAAE,MAAM,uBAAuB,CAAC,GAAGtB,CAAoB,EAAE,KAAK,IAAI,CAAC;AAAA,IAAA;AAI9H,MACEsB,EAAE,aAAa,QACf,OAAOA,EAAE,YAAa,YACtB,MAAM,QAAQA,EAAE,QAAQ;AAExB,UAAM,IAAIhB;AAAA,MACR;AAAA,IAAA;AAMJ,MAFAW,GAAiCK,EAAE,QAAmC,GAElE,OAAOA,EAAE,eAAgB;AAC3B,UAAM,IAAIhB;AAAA,MACR;AAAA,IAAA;AAIJ,MAAIgB,EAAE,eAAe,UAAa,OAAOA,EAAE,cAAe;AACxD,UAAM,IAAIhB;AAAA,MACR,gFAAgFH,EAAQmB,EAAE,UAAU,CAAC;AAAA,IAAA;AAG3G;AAKO,SAASC,GACdlD,GACiE;AACjE,MAAIA,MAAa,QAAQ,OAAOA,KAAa;AAC3C,UAAM,IAAIiC;AAAA,MACR;AAAA,IAAA;AAIJ,QAAMgB,IAAIjD;AAEV,MAAI,CAAC,MAAM,QAAQiD,EAAE,GAAG;AACtB,UAAM,IAAIhB;AAAA,MACR;AAAA,IAAA;AAIJ,WAASkB,IAAI,GAAGA,IAAIF,EAAE,IAAI,QAAQE;AAChC,IAAAC,GAA4BH,EAAE,IAAIE,CAAC,GAAG,OAAOA,CAAC,GAAG;AAGnD,MAAIF,EAAE,oBAAoB,QAAQ,OAAOA,EAAE,mBAAoB;AAC7D,UAAM,IAAIhB;AAAA,MACR;AAAA,IAAA;AAIJ,EAAAoB;AAAA,IACEJ,EAAE;AAAA,EAAA;AAEN;AAEA,SAASK,EAAwBzE,GAAgB2C,GAAqB;AACpE,MAAI3C,MAAU,QAAQ,OAAOA,KAAU;AACrC,UAAM,IAAIoD;AAAA,MACR,mCAAmCT,CAAK;AAAA,IAAA;AAI5C,EAAAe,GADW1D,EACU,QAAQ,GAAG2C,CAAK,SAAS;AAChD;AAEA,SAAS4B,GAA4BvE,GAAgB2C,GAAqB;AACxE,MAAI3C,MAAU,QAAQ,OAAOA,KAAU;AACrC,UAAM,IAAIoD;AAAA,MACR,mCAAmCT,CAAK;AAAA,IAAA;AAI5C,QAAM+B,IAAK1E;AAEX,EAAA4D,GAAgBc,EAAG,gBAAgB,GAAG/B,CAAK,iBAAiB,GAC5D8B,EAAwBC,EAAG,UAAU,GAAG/B,CAAK,WAAW,GACxD8B,EAAwBC,EAAG,WAAW,GAAG/B,CAAK,YAAY,GAC1D8B,EAAwBC,EAAG,WAAW,GAAG/B,CAAK,YAAY,GAC1DgB,EAAqBe,EAAG,aAAa,GAAG/B,CAAK,cAAc;AAC7D;AAEA,SAASgC,GACP3E,GACA2C,GACM;AACN,MAAI3C,MAAU,QAAQ,OAAOA,KAAU;AACrC,UAAM,IAAIoD;AAAA,MACR,mCAAmCT,CAAK;AAAA,IAAA;AAI5C,QAAMiC,IAAI5E;AACV,EAAA2D,EAAqBiB,EAAE,eAAe,GAAGjC,CAAK,gBAAgB,GAC9DgB,EAAqBiB,EAAE,mBAAmB,GAAGjC,CAAK,oBAAoB;AACxE;AAEA,SAASkC,GAAiC7E,GAAgB2C,GAAqB;AAC7E,MAAI3C,MAAU,QAAQ,OAAOA,KAAU;AACrC,UAAM,IAAIoD;AAAA,MACR,mCAAmCT,CAAK;AAAA,IAAA;AAI5C,QAAMmC,IAAI9E;AAcV,MAZA4D,GAAgBkB,EAAE,mBAAmB,GAAGnC,CAAK,oBAAoB,GACjE8B;AAAA,IACEK,EAAE;AAAA,IACF,GAAGnC,CAAK;AAAA,EAAA,GAEV8B;AAAA,IACEK,EAAE;AAAA,IACF,GAAGnC,CAAK;AAAA,EAAA,GAEV8B,EAAwBK,EAAE,aAAa,GAAGnC,CAAK,cAAc,GAC7DgB,EAAqBmB,EAAE,eAAe,GAAGnC,CAAK,gBAAgB,GAE1D,CAAC,MAAM,QAAQmC,EAAE,2BAA2B;AAC9C,UAAM,IAAI1B;AAAA,MACR,mCAAmCT,CAAK;AAAA,IAAA;AAI5C,WAAS2B,IAAI,GAAGA,IAAIQ,EAAE,4BAA4B,QAAQR;AACxD,IAAAK;AAAA,MACEG,EAAE,4BAA4BR,CAAC;AAAA,MAC/B,GAAG3B,CAAK,gCAAgC2B,CAAC;AAAA,IAAA;AAI7C,MAAI,CAAC,MAAM,QAAQQ,EAAE,mBAAmB;AACtC,UAAM,IAAI1B;AAAA,MACR,mCAAmCT,CAAK;AAAA,IAAA;AAI5C,WAAS2B,IAAI,GAAGA,IAAIQ,EAAE,oBAAoB,QAAQR;AAChD,IAAAZ;AAAA,MACEoB,EAAE,oBAAoBR,CAAC;AAAA,MACvB,GAAG3B,CAAK,wBAAwB2B,CAAC;AAAA,IAAA;AAGvC;AAKO,SAASS,GACd5D,GAC8D;AAC9D,MAAIA,MAAa,QAAQ,OAAOA,KAAa;AAC3C,UAAM,IAAIiC;AAAA,MACR;AAAA,IAAA;AAIJ,QAAMgB,IAAIjD;AAEV,MAAI,CAACsC,EAAiBW,EAAE,aAAa;AACnC,UAAM,IAAIhB;AAAA,MACR,kFAAkFH,EAAQmB,EAAE,aAAa,CAAC;AAAA,IAAA;AAI9G,MAAI,CAACZ,EAAcY,EAAE,iBAAiB;AACpC,UAAM,IAAIhB;AAAA,MACR,0FAA0FH,EAAQmB,EAAE,iBAAiB,CAAC;AAAA,IAAA;AAI1H,MAAIA,EAAE,kBAAkB,QAAQ,OAAOA,EAAE,iBAAkB;AACzD,UAAM,IAAIhB;AAAA,MACR;AAAA,IAAA;AAIJ,aAAW,CAAC4B,GAAKC,CAAO,KAAK,OAAO;AAAA,IAClCb,EAAE;AAAA,EAAA,GACD;AACD,QAAIa,MAAY,QAAQ,OAAOA,KAAY;AACzC,YAAM,IAAI7B;AAAA,QACR,iDAAiD4B,CAAG;AAAA,MAAA;AAGxD,UAAME,IAAID;AACV,QAAI,CAACzB,EAAc0B,EAAE,uBAAuB;AAC1C,YAAM,IAAI9B;AAAA,QACR,iDAAiD4B,CAAG,iEAAiE/B,EAAQiC,EAAE,uBAAuB,CAAC;AAAA,MAAA;AAAA,EAG7J;AACF;AAKO,SAASC,GACdhE,GAC6C;AAC7C,MAAIA,MAAa,QAAQ,OAAOA,KAAa;AAC3C,UAAM,IAAIiC;AAAA,MACR;AAAA,IAAA;AAIJ,QAAMgB,IAAIjD;AAEV,MAAI,CAACqC,EAAcY,EAAE,UAAU,KAAKA,EAAE,WAAW,WAAWb;AAC1D,UAAM,IAAIH;AAAA,MACR,yDAAyDG,CAAY,gCAAgCN,EAAQmB,EAAE,UAAU,CAAC;AAAA,IAAA;AAI9H,MAAI,OAAOA,EAAE,SAAU;AACrB,UAAM,IAAIhB;AAAA,MACR,iEAAiEH,EAAQmB,EAAE,KAAK,CAAC;AAAA,IAAA;AAIrF,MAAIA,EAAE,YAAY,QAAW;AAC3B,QAAIA,EAAE,YAAY,QAAQ,OAAOA,EAAE,WAAY;AAC7C,YAAM,IAAIhB;AAAA,QACR;AAAA,MAAA;AAGJ,UAAMgC,IAAUhB,EAAE;AAClB,QAAI,OAAOgB,EAAQ,UAAW;AAC5B,YAAM,IAAIhC;AAAA,QACR,yEAAyEH,EAAQmC,EAAQ,MAAM,CAAC;AAAA,MAAA;AAGpG,QAAI,OAAOA,EAAQ,UAAW;AAC5B,YAAM,IAAIhC;AAAA,QACR,0EAA0EH,EAAQmC,EAAQ,MAAM,CAAC;AAAA,MAAA;AAAA,EAGvG;AAEA,MAAIhB,EAAE,eAAe,QAAW;AAC9B,QAAIA,EAAE,eAAe,QAAQ,OAAOA,EAAE,cAAe;AACnD,YAAM,IAAIhB;AAAA,QACR;AAAA,MAAA;AAGJ,UAAMiC,IAAajB,EAAE;AACrB,QAAI,OAAOiB,EAAW,UAAW;AAC/B,YAAM,IAAIjC;AAAA,QACR,4EAA4EH,EAAQoC,EAAW,MAAM,CAAC;AAAA,MAAA;AAAA,EAG5G;AACF;AAEA,SAASb,GACPc,GACM;AAMN,MALAb,EAAwBa,EAAM,UAAU,0BAA0B,GAClEb,EAAwBa,EAAM,WAAW,2BAA2B,GACpEb,EAAwBa,EAAM,WAAW,2BAA2B,GACpE3B,EAAqB2B,EAAM,aAAa,6BAA6B,GAEjE,CAAC,MAAM,QAAQA,EAAM,uBAAuB;AAC9C,UAAM,IAAIlC;AAAA,MACR;AAAA,IAAA;AAIJ,WAASkB,IAAI,GAAGA,IAAIgB,EAAM,wBAAwB,QAAQhB;AACxD,IAAAO;AAAA,MACES,EAAM,wBAAwBhB,CAAC;AAAA,MAC/B,2CAA2CA,CAAC;AAAA,IAAA;AAIhD,MAAI,OAAOgB,EAAM,2BAA4B;AAC3C,UAAM,IAAIlC;AAAA,MACR;AAAA,IAAA;AAGN;AC3YA,MAAMmC,KAAqB;AAWpB,MAAMC,GAEb;AAAA,EAGE,YAAYC,GAAiBhG,GAAyC;AAF9D,IAAA6D,EAAA;AAGN,UAAMoC,IAA8B;AAAA,MAClC,SAAAD;AAAA,MACA,UAAShG,KAAA,gBAAAA,EAAS,YAAW8F;AAAA,MAC7B,SAAS9F,KAAA,gBAAAA,EAAS;AAAA,MAClB,YAAYA,KAAA,gBAAAA,EAAS;AAAA,MACrB,cAAcA,KAAA,gBAAAA,EAAS;AAAA,MACvB,SAASA,KAAA,gBAAAA,EAAS;AAAA,MAClB,eAAeA,KAAA,gBAAAA,EAAS;AAAA,MACxB,kBAAkBA,KAAA,gBAAAA,EAAS;AAAA,IAAA;AAE7B,SAAK,SAAS,IAAIkG,EAAcD,CAAM;AAAA,EACxC;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,oCACJE,GACAC,GACsD;AACtD,UAAM1E,IAAW,MAAM,KAAK,OAAO,KAGjC,qDAAqDyE,GAAQC,CAAM;AACrE,WAAAxB,GAAoDlD,CAAQ,GACrDA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,6BACJyE,GACAC,GACe;AACf,WAAO,KAAK,OAAO;AAAA,MACjB;AAAA,MACAD;AAAA,MACAC;AAAA,IAAA;AAAA,EAEJ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,uBACJD,GACAC,GACe;AACf,WAAO,KAAK,OAAO;AAAA,MACjB;AAAA,MACAD;AAAA,MACAC;AAAA,IAAA;AAAA,EAEJ;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,iCACJD,GACAC,GACmD;AACnD,UAAM1E,IAAW,MAAM,KAAK,OAAO,KAGjC,kDAAkDyE,GAAQC,CAAM;AAClE,WAAAd,GAAiD5D,CAAQ,GAClDA;AAAA,EACT;AAAA;AAAA,EAGA,MAAM,eACJyE,GACAC,GACiC;AACjC,UAAM1E,IAAW,MAAM,KAAK,OAAO;AAAA,MACjC;AAAA,MACAyE;AAAA,MACAC;AAAA,IAAA;AAEF,WAAA1B,GAA+BhD,CAAQ,GAChCA;AAAA,EACT;AAAA;AAAA,EAGA,MAAM,gBACJyE,GACAC,GACkC;AAClC,UAAM1E,IAAW,MAAM,KAAK,OAAO;AAAA,MACjC;AAAA,MACAyE;AAAA,MACAC;AAAA,IAAA;AAEF,WAAAV,GAAgChE,CAAQ,GACjCA;AAAA,EACT;AACF;AC5IA,MAAM2E,KAAa,0BAGbC,KAAe,YAEfC,KAAqB,IACrBC,KAAmB;AAMzB,SAASC,GAAWC,GAAa1D,GAA8B;AAC7D,QAAM2D,IAAW,IAAI,cAAc,OAAOD,CAAG,GACvCE,IAAUC,EAAOF,CAAQ,GACzBG,IAAW,IAAI,WAAWF,EAAQ,SAAS,IAAI5D,EAAK,MAAM;AAChE,SAAA8D,EAAS,IAAIF,GAAS,CAAC,GACvBE,EAAS,IAAIF,GAASA,EAAQ,MAAM,GACpCE,EAAS,IAAI9D,GAAM4D,EAAQ,SAAS,CAAC,GAC9BC,EAAOC,CAAQ;AACxB;AAYA,SAASC,GAAcC,GAAsC;AAC3D,MAAIA,EAAM,WAAWT,GAAoB,QAAO;AAChD,QAAMU,IAAQR,GAAWH,IAAcU,CAAK,GACtCE,IAAUC,EAAI,mBAAmBH,GAAOC,CAAK;AACnD,SAAOC,IAAUA,EAAQ,cAAc;AACzC;AAoBO,SAASE,GACdC,GACAC,GACAC,GACS;AAET,MADID,EAAY,WAAWf,MACvBgB,EAAU,WAAWf,GAAkB,QAAO;AAOlD,MAAI;AAEF,UAAMgB,IAAcf,GAAWJ,IAAYgB,CAAY,GAKjDI,IAAOC,GAAS,KAAK;AAAA,MACzB,gBAAgBC,EAAO,KAAKL,CAAW;AAAA,IAAA,CACxC;AACD,QAAI,CAACG,EAAK,OAAQ,QAAO;AACzB,UAAMtG,IAAesG,EAAK,QAUpBG,IAAY,GACZC,IAAU,IAAIC,EAAA;AACpB,IAAAD,EAAQ,UAAU,GAClBA,EAAQ,WAAW;AAEnB,UAAME,IAAYJ,EAAO,OAAO;AAAA,MAC9BA,EAAO,KAAK,CAAC,GAAM,EAAI,CAAC;AAAA,MACxBA,EAAO,KAAKH,CAAW;AAAA,IAAA,CACxB;AACD,IAAAK,EAAQ;AAAA,MACNF,EAAO,MAAM,IAAI,CAAC;AAAA;AAAA,MAClB;AAAA;AAAA,MACA;AAAA;AAAA,MACAI;AAAA,IAAA,GAEFF,EAAQ,UAAU1G,GAAcyG,CAAS;AAGzC,UAAMI,IAAS,IAAIF,EAAA;AACnB,IAAAE,EAAO,UAAU,GACjBA,EAAO,WAAW;AAElB,UAAMC,IAAcJ,EAAQ,QAAA;AAC5B,IAAAG,EAAO,SAASC,GAAa,GAAG,CAAC,GACjCD,EAAO,UAAUL,EAAO,KAAK,CAAC,GAAI,CAAC,GAAGC,CAAS;AAG/C,UAAMM,IAAUF,EAAO;AAAA,MACrB;AAAA,MACA,CAAC7G,CAAY;AAAA,MACb,CAACyG,CAAS;AAAA,MACVE,EAAY;AAAA,IAAA,GAIRK,IAAepB,GAAcO,CAAW;AAC9C,WAAKa,IAEEhB,EAAI,cAAce,GAASC,GAAcZ,CAAS,IAF/B;AAAA,EAG5B,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AC9IA,SAASa,EAASC,GAAeC,GAAkC;AACjE,QAAM5B,KAAO2B,IAAQ,MAAS,GACxBE,IAAI,OAAOD,KAAQ,WAAWA,IAAM,OAAOA,CAAG;AACpD,MAAIC,IAAI,GAAI,OAAM,IAAI,MAAM,6BAA6B;AAEzD,MAAIA,IAAI,IAAK,QAAO,IAAI,WAAW,CAAC7B,IAAM,OAAO6B,CAAC,CAAC,CAAC;AACpD,MAAIA,IAAI,OAAQ,QAAO,IAAI,WAAW,CAAC7B,IAAM,IAAI,OAAO6B,CAAC,CAAC,CAAC;AAC3D,MAAIA,IAAI,UAAU;AAChB,UAAMC,IAAI,OAAOD,CAAC;AAClB,WAAO,IAAI,WAAW,CAAC7B,IAAM,IAAK8B,MAAM,IAAK,KAAMA,IAAI,GAAI,CAAC;AAAA,EAC9D;AACA,MAAID,IAAI,cAAgB;AACtB,UAAMC,IAAI,OAAOD,CAAC;AAClB,WAAO,IAAI,WAAW;AAAA,MACpB7B,IAAM;AAAA,MACL8B,MAAM,KAAM;AAAA,MACZA,MAAM,KAAM;AAAA,MACZA,MAAM,IAAK;AAAA,MACZA,IAAI;AAAA,IAAA,CACL;AAAA,EACH;AAEA,QAAMC,IAAM,IAAI,WAAW,CAAC;AAC5B,EAAAA,EAAI,CAAC,IAAI/B,IAAM;AACf,WAAS7B,IAAI,GAAGA,KAAK,GAAGA;AACtB,IAAA4D,EAAI,IAAI5D,CAAC,IAAI,OAAO0D,KAAK,QAAQ,IAAI1D,KAAK,CAAC,CAAC,IAAI;AAElD,SAAO4D;AACT;AAEA,SAASC,MAAUC,GAAiC;AAClD,QAAMC,IAAQD,EAAM,OAAO,CAAClD,GAAGhB,MAAMgB,IAAIhB,EAAE,QAAQ,CAAC,GAC9CgE,IAAM,IAAI,WAAWG,CAAK;AAChC,MAAIC,IAAS;AACb,aAAWpE,KAAKkE;AACd,IAAAF,EAAI,IAAIhE,GAAGoE,CAAM,GACjBA,KAAUpE,EAAE;AAEd,SAAOgE;AACT;AASA,SAASK,EAAuBC,GAA+B;AAE7D,QAAMC,IAAsB,CADbZ,EAAS,GAAGW,EAAM,MAAM,CACJ;AACnC,aAAWpG,KAAKoG;AACd,IAAAC,EAAM,KAAKZ,EAAS,GAAGzF,CAAC,CAAC;AAE3B,SAAO+F,GAAO,GAAGM,CAAK;AACxB;AAsBO,SAASC,GACdC,GACAC,GACAC,GACY;AACZ,MAAI,CAAC,OAAO,cAAcA,CAAS,KAAKA,IAAY;AAClD,UAAM,IAAI;AAAA,MACR,oFAAoFA,CAAS;AAAA,IAAA;AAGjG,QAAMC,IAAcjB,EAAS,GAAG,CAAC,GAC3BkB,IAAcR,EAAuBI,CAAM,GAC3CK,IAAcT,EAAuBK,CAAyB,GAC9DK,IAAiBpB,EAAS,GAAGgB,CAAS;AAC5C,SAAOV,GAAOW,GAAaC,GAAaC,GAAaC,CAAc;AACrE;ACzFA,MAAMC,KAAyB,IAAI,YAAA,EAAc;AAAA,EAC/C;AACF;AA6BO,MAAMC,UAA4B,MAAM;AAAA,EAC7C,YACE1H,GACgB2H,GAQhB;AACA,UAAM3H,CAAO,GATG,KAAA,SAAA2H,GAUhB,KAAK,OAAO;AAAA,EACd;AACF;AAGA,SAASC,EAAWC,GAAyB;AAC3C,QAAMpB,IAAM,IAAI,WAAWoB,EAAI,SAAS,CAAC;AACzC,WAAShF,IAAI,GAAGA,IAAI4D,EAAI,QAAQ5D;AAC9B,IAAA4D,EAAI5D,CAAC,IAAI,SAASgF,EAAI,MAAMhF,IAAI,GAAGA,IAAI,IAAI,CAAC,GAAG,EAAE;AAEnD,SAAO4D;AACT;AAsBO,SAASqB,GAAqBC,GAAwC;AAC3E,QAAM,EAAE,OAAAC,GAAO,oBAAAC,GAAoB,KAAAC,EAAA,IAAQH,GAErCI,IAASC,EAAeH,CAAkB,EAAE,YAAA;AAClD,MAAIE,EAAO,WAAW/F,KAAyB,CAAC/C,EAAO,KAAK8I,CAAM;AAChE,UAAM,IAAIT;AAAA,MACR,+CAA+CS,EAAO,MAAM;AAAA,MAC5D;AAAA,IAAA;AAIJ,QAAME,IAASD,EAAeJ,EAAM,aAAa,EAAE,YAAA;AACnD,MAAIK,EAAO,WAAWjG,KAAyB,CAAC/C,EAAO,KAAKgJ,CAAM;AAChE,UAAM,IAAIX;AAAA,MACR,0CAA0CW,EAAO,MAAM;AAAA,MACvD;AAAA,IAAA;AAIJ,MAAIA,MAAWF;AACb,UAAM,IAAIT;AAAA,MACR,uDAAuDS,CAAM,SAASE,CAAM;AAAA,MAC5E;AAAA,IAAA;AAWJ,MAAI,CAAC,OAAO,cAAcL,EAAM,UAAU;AACxC,UAAM,IAAIN;AAAA,MACR,4CAA4C,KAAK,UAAUM,EAAM,UAAU,CAAC;AAAA,MAC5E;AAAA,IAAA;AAGJ,MAAI,CAAC,OAAO,cAAcE,CAAG;AAC3B,UAAM,IAAIR;AAAA,MACR,qCAAqC,KAAK,UAAUQ,CAAG,CAAC;AAAA,MACxD;AAAA,IAAA;AAGJ,MAAIF,EAAM,cAAcE;AACtB,UAAM,IAAIR;AAAA,MACR,oCAAoCM,EAAM,UAAU,SAASE,CAAG;AAAA,MAChE;AAAA,IAAA;AAIJ,QAAMI,IAAMF,EAAeJ,EAAM,gBAAgB,EAAE,YAAA;AACnD,MAAIM,EAAI,WAAWjG,KAA6B,CAAChD,EAAO,KAAKiJ,CAAG;AAC9D,UAAM,IAAIZ;AAAA,MACR,wDAAwDY,EAAI,MAAM;AAAA,MAClE;AAAA,IAAA;AAGJ,QAAM/I,IAAS+I,EAAI,MAAM,GAAG,CAAC;AAC7B,MAAI/I,MAAW,QAAQA,MAAW;AAChC,UAAM,IAAImI;AAAA,MACR,2DAA2DnI,CAAM;AAAA,MACjE;AAAA,IAAA;AASJ,QAAMgJ,IAAWX,EAAWU,CAAG;AAC/B,MAAI,CAACnD,EAAI,QAAQoD,CAAQ;AACvB,UAAM,IAAIb;AAAA,MACR;AAAA,MACA;AAAA,IAAA;AAIJ,QAAMc,IAAMJ,EAAeJ,EAAM,SAAS,EAAE,YAAA;AAC5C,MAAIQ,EAAI,WAAWC,MAAuB,CAACpJ,EAAO,KAAKmJ,CAAG;AACxD,UAAM,IAAId;AAAA,MACR,8CAA8Cc,EAAI,MAAM;AAAA,MACxD;AAAA,IAAA;AAQJ,QAAME,IAAUzB;AAAA,IACdQ;AAAA,IACAG,EAAWU,CAAG;AAAA,IACdN,EAAM;AAAA,EAAA;AAGR,MAAI,CADa5C,GAAmBsD,GAASd,EAAWS,CAAM,GAAGT,EAAWY,CAAG,CAAC;AAE9E,UAAM,IAAId;AAAA,MACR;AAAA,MACA;AAAA,IAAA;AAGN;AClNO,MAAMiB,yBAA8C,IAAI;AAAA,EAC7D;AAAA,EACA;AAAA,EACA;AACF,CAAC,GCFKC,KAAuB,KAEhBC,IAAqB;AAE3B,SAASC,GACd9E,GACA+E,GACe;AACf,SAAO,IAAI7E,EAAc;AAAA,IACvB,SAAAF;AAAA,IACA,SAAS4E;AAAA,IACT,SAAAG;AAAA,IACA,cAAc,CAACC,MAAWA,MAAWH;AAAA,EAAA,CACtC;AACH;ACgBA,MAAMI,IAAsB,YAOtBC,KAA4B;AAyC3B,MAAMC,GAA+C;AAAA,EAgB1D,YAAYlF,GAA+B;AAXnC;AAAA;AAAA;AAAA;AAAA,IAAApC,EAAA;AACS,IAAAA,EAAA;AACA,IAAAA,EAAA;AACA,IAAAA,EAAA;AACA,IAAAA,EAAA;AACA,IAAAA,EAAA;AACA,IAAAA,EAAA;AAET,IAAAA,EAAA,gBAA6B;AAC7B,IAAAA,EAAA,kBAAwC;AAG9C,SAAK,SAASoC,EAAO,QACrB,KAAK,YAAYA,EAAO,WACxB,KAAK,gBAAgBA,EAAO,eAC5B,KAAK,qBAAqBA,EAAO,oBACjC,KAAK,mBAAmBA,EAAO,kBAC/B,KAAK,kBAAkBA,EAAO,mBAAmBiF,IACjD,KAAK,MAAMjF,EAAO,QAAQ,MAAM,KAAK,MAAM,KAAK,QAAQ,GAAI;AAAA,EAC9D;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAcA,MAAM,SAAS+E,GAAwC;AAErD,QADIA,MAAWH,KACX,CAAC,KAAK,iBAAiB,IAAIG,CAAM,EAAG,QAAO;AAE/C,UAAMI,IAAS,KAAK;AACpB,WAAIA,KAAU,KAAK,IAAA,IAAQ,KAAK,kBAAkBA,EAAO,YAChDA,EAAO,SAGF,MAAM,KAAK,oBAAA,GACZ;AAAA,EACf;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,aAAmB;AACjB,SAAK,SAAS;AAAA,EAKhB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,UAAUC,GAA6B;AACrC,SAAK,SAASA;AAAA,EAChB;AAAA,EAEQ,sBAA4C;AAClD,UAAMC,IAAW,KAAK;AACtB,QAAIA,EAAU,QAAOA;AAErB,UAAM7G,KAAK,YAAY;AACrB,UAAI;AACF,cAAM/C,IAAW,MAAM,KAAK,OAAO,KAGjCmJ,GAAoB;AAAA,UACpB,YAAY,KAAK;AAAA,UACjB,aAAa,KAAK;AAAA,QAAA,CACnB;AAWD,YATAf,GAAqB;AAAA,UACnB,OAAOpI,EAAS;AAAA,UAChB,oBAAoB,KAAK;AAAA,UACzB,KAAK,KAAK,IAAA;AAAA,QAAI,CACf,GAKG,OAAOA,EAAS,SAAU,YAAYA,EAAS,MAAM,WAAW;AAClE,gBAAM,IAAI;AAAA,YACR,sFAAsF,OAAOA,EAAS,KAAK;AAAA,UAAA;AAG/G,cAAMwI,IAAM,KAAK,IAAA;AACjB,YACE,CAAC,OAAO,cAAcxI,EAAS,UAAU,KACzCA,EAAS,cAAcwI,KACvBxI,EAAS,aAAauJ;AAEtB,gBAAM,IAAI;AAAA,YACR,gEAAgE,KAAK,UAAUvJ,EAAS,UAAU,CAAC,gCAAgCwI,CAAG,KAAKe,CAAmB;AAAA,UAAA;AAIlK,cAAMM,IAAqB;AAAA,UACzB,OAAO7J,EAAS;AAAA,UAChB,WAAWA,EAAS;AAAA,QAAA;AAEtB,oBAAK,SAAS6J,GACPA;AAAA,MACT,UAAA;AACE,aAAK,WAAW;AAAA,MAClB;AAAA,IACF,GAAA;AAEA,gBAAK,WAAW9G,GACTA;AAAA,EACT;AACF;AC9LO,MAAM+G,GAAgB;AAAA,EAAtB;AACY,IAAA3H,EAAA,qCAAc,IAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAS/B,YAAYkG,GAA8C;AACxD,UAAMuB,IAAW,KAAK,QAAQ,IAAIvB,EAAM,SAAS;AACjD,QAAIuB,GAAU;AACZ,UAAIA,EAAS,kBAAkBvB,EAAM;AACnC,cAAM,IAAI;AAAA,UACR,8BAA8BA,EAAM,SAAS,mCAAmCuB,EAAS,cAAc,MAAM,GAAG,CAAC,CAAC,UAAUvB,EAAM,cAAc,MAAM,GAAG,CAAC,CAAC;AAAA,QAAA;AAG/J,UAAIuB,EAAS,uBAAuBvB,EAAM;AACxC,cAAM,IAAI;AAAA,UACR,8BAA8BA,EAAM,SAAS,wCAAwCuB,EAAS,mBAAmB,MAAM,GAAG,CAAC,CAAC,UAAUvB,EAAM,mBAAmB,MAAM,GAAG,CAAC,CAAC;AAAA,QAAA;AAM9K,aAAAuB,EAAS,SAAS,UAAUvB,EAAM,MAAM,GACjCuB,EAAS;AAAA,IAClB;AAEA,UAAMG,IAAW,IAAIN,GAAgB;AAAA,MACnC,QAAQpB,EAAM;AAAA,MACd,WAAWA,EAAM;AAAA,MACjB,eAAeA,EAAM;AAAA,MACrB,oBAAoBA,EAAM;AAAA,MAC1B,kBAAkBY;AAAA,IAAA,CACnB;AACD,gBAAK,QAAQ,IAAIZ,EAAM,WAAW;AAAA,MAChC,UAAA0B;AAAA,MACA,eAAe1B,EAAM;AAAA,MACrB,oBAAoBA,EAAM;AAAA,IAAA,CAC3B,GACM0B;AAAA,EACT;AAAA;AAAA,EAGA,KAAKC,GAAgD;;AACnD,YAAOjI,IAAA,KAAK,QAAQ,IAAIiI,CAAS,MAA1B,gBAAAjI,EAA6B;AAAA,EACtC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,QAAQiI,GAAyB;AAC/B,SAAK,QAAQ,OAAOA,CAAS;AAAA,EAC/B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,QAAc;AACZ,SAAK,QAAQ,MAAA;AAAA,EACf;AAAA,EAEA,IAAI,OAAe;AACjB,WAAO,KAAK,QAAQ;AAAA,EACtB;AACF;AAaO,MAAMC,KAAyC,IAAIH,GAAA;AChFnD,SAASI,GACd3F,GACwB;;AACxB,QAAM4F,IAAmBf;AAAA,IACvB7E,EAAO;AAAA,KACPxC,IAAAwC,EAAO,YAAP,gBAAAxC,EAAgB;AAAA,EAAA,GAGZqI,IAAgBH,GAAgB,YAAY;AAAA,IAChD,QAAQE;AAAA,IACR,WAAW5F,EAAO;AAAA,IAClB,eAAeA,EAAO;AAAA,IACtB,oBAAoBA,EAAO;AAAA,EAAA,CAC5B;AAED,SAAO,IAAIF,GAAuBE,EAAO,SAAS;AAAA,IAChD,GAAGA,EAAO;AAAA,IACV,eAAA6F;AAAA,EAAA,CACD;AACH;AC5BO,SAASC,GAAqBhC,GAA+B;AAClE,EAAA4B,GAAgB,YAAY;AAAA,IAC1B,QAAQb,GAAsBf,EAAM,SAASA,EAAM,OAAO;AAAA,IAC1D,WAAWA,EAAM;AAAA,IACjB,eAAeA,EAAM;AAAA,IACrB,oBAAoBA,EAAM;AAAA,EAAA,CAC3B;AACH;ACAA,eAAsBiC,GACpBC,GACAC,GAC4B;AAC5B,QAAM,CAACC,GAAgBC,CAAmB,IAAI,MAAMH,EAAa,UAAU;AAAA,IACzE,WAAW;AAAA,MACT;AAAA,QACE,SAASC;AAAA,QACT,KAAKG;AAAA,QACL,cAAc;AAAA,MAAA;AAAA,MAEhB;AAAA,QACE,SAASH;AAAA,QACT,KAAKG;AAAA,QACL,cAAc;AAAA,MAAA;AAAA,IAChB;AAAA,IAEF,cAAc;AAAA,EAAA,CACf;AAED,SAAO;AAAA,IACL,gBAAAF;AAAA,IACA,qBAAAC;AAAA,EAAA;AAEJ;ACjCA,MAAME,IAAa;AAgCnB,SAASC,EAAkBC,GAAoD;AAC7E,SAAO;AAAA,IACL,gBAAgBA,EAAO;AAAA,IACvB,yBAAyBA,EAAO;AAAA,IAChC,qBAAqB,CAAC,GAAGA,EAAO,mBAAmB;AAAA,IACnD,eAAeA,EAAO;AAAA,IACtB,SAASA,EAAO;AAAA,IAChB,oBAAoBA,EAAO;AAAA,IAC3B,yBAAyBA,EAAO;AAAA,IAChC,oBAAoBA,EAAO;AAAA,IAC3B,SAASA,EAAO;AAAA,IAChB,QAAQA,EAAO;AAAA,IACf,iBAAiBA,EAAO;AAAA,IACxB,sBAAsBA,EAAO;AAAA,IAC7B,kBAAkBA,EAAO;AAAA,EAAA;AAE7B;AAGA,SAASC,EAAaD,GAAyC;AAC7D,SAAO;AAAA,IACL,oBAAoBA,EAAO;AAAA,IAC3B,gBAAgBA,EAAO;AAAA,IACvB,iBAAiBA,EAAO;AAAA,IACxB,wBAAwBA,EAAO;AAAA,IAC/B,oBAAoBA,EAAO;AAAA,EAAA;AAE/B;AAYA,SAASE,EAAoBC,GAAgC;AAC3D,MAAIA,IAAiB,OAAOL,CAAU;AACpC,UAAM,IAAI;AAAA,MACR,wBAAwBK,CAAc,wBAAwBL,CAAU;AAAA,IAAA;AAG5E,SAAO,OAAOK,CAAc;AAC9B;AAWO,MAAMC,GAAyD;AAAA,EACpE,YACUX,GACAY,GACR;AAFQ,SAAA,eAAAZ,GACA,KAAA,kBAAAY;AAAA,EACP;AAAA,EAEH,MAAM,uBAAmD;AACvD,UAAML,IAAU,MAAM,KAAK,aAAa,aAAa;AAAA,MACnD,SAAS,KAAK;AAAA,MACd,KAAKpJ;AAAA,MACL,cAAc;AAAA,IAAA,CACf;AAED,WAAOqJ,EAAaD,CAAM;AAAA,EAC5B;AAAA,EAEA,MAAM,0BAA4D;AAChE,UAAMA,IAAU,MAAM,KAAK,aAAa,aAAa;AAAA,MACnD,SAAS,KAAK;AAAA,MACd,KAAKpJ;AAAA,MACL,cAAc;AAAA,IAAA,CACf;AAED,WAAOmJ,EAAkBC,CAAM;AAAA,EACjC;AAAA,EAEA,MAAM,2BACJM,GACkC;AAClC,UAAMN,IAAU,MAAM,KAAK,aAAa,aAAa;AAAA,MACnD,SAAS,KAAK;AAAA,MACd,KAAKpJ;AAAA,MACL,cAAc;AAAA,MACd,MAAM,CAAC0J,CAAO;AAAA,IAAA,CACf;AAED,WAAOP,EAAkBC,CAAM;AAAA,EACjC;AAAA,EAEA,MAAM,iCAAkD;AAOtD,WANgB,MAAM,KAAK,aAAa,aAAa;AAAA,MACnD,SAAS,KAAK;AAAA,MACd,KAAKpJ;AAAA,MACL,cAAc;AAAA,IAAA,CACf;AAAA,EAGH;AAAA,EAEA,MAAM,0BAA0B0J,GAAkC;AAChE,UAAM3G,IAAS,MAAM,KAAK,2BAA2B2G,CAAO;AAC5D,WAAOJ,EAAoBvG,EAAO,cAAc;AAAA,EAClD;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,wBAAqD;AACzD,UAAM4G,IAAU,MAAM,KAAK,aAAa,UAAU;AAAA,MAChD,WAAW;AAAA,QACT;AAAA,UACE,SAAS,KAAK;AAAA,UACd,KAAK3J;AAAA,UACL,cAAc;AAAA,QAAA;AAAA,QAEhB;AAAA,UACE,SAAS,KAAK;AAAA,UACd,KAAKA;AAAA,UACL,cAAc;AAAA,QAAA;AAAA,MAChB;AAAA,MAEF,cAAc;AAAA,IAAA,CACf,GAEK4J,IAAYP,EAAaM,EAAQ,CAAC,CAAiB,GACnDE,IAAiBV,EAAkBQ,EAAQ,CAAC,CAAsB;AAExE,WAAO;AAAA,MACL,oBAAoBC,EAAU;AAAA,MAC9B,gBAAgBA,EAAU;AAAA,MAC1B,iBAAiBA,EAAU;AAAA,MAC3B,wBAAwBA,EAAU;AAAA,MAClC,oBAAoBA,EAAU;AAAA,MAC9B,eAAeN,EAAoBO,EAAe,cAAc;AAAA,MAChE,gBAAgBA,EAAe;AAAA,MAC/B,oBAAoBA,EAAe;AAAA,MACnC,gBAAAA;AAAA,IAAA;AAAA,EAEJ;AACF;ACtLA,SAASC,EACPV,GACqB;AACrB,SAAOA,EAAO,IAAI,CAACW,OAAU;AAAA,IAC3B,YAAYA,EAAK;AAAA,IACjB,WAAWA,EAAK;AAAA,EAAA,EAChB;AACJ;AAWO,MAAMC,GAAmD;AAAA,EAC9D,YACUnB,GACAY,GACR;AAFQ,SAAA,eAAAZ,GACA,KAAA,kBAAAY;AAAA,EACP;AAAA,EAEH,MAAM,yBACJQ,GACAP,GAC8B;AAC9B,UAAMN,IAAU,MAAM,KAAK,aAAa,aAAa;AAAA,MACnD,SAAS,KAAK;AAAA,MACd,KAAKrJ;AAAA,MACL,cAAc;AAAA,MACd,MAAM,CAACkK,GAAeP,CAAO;AAAA,IAAA,CAC9B;AAED,WAAOI,EAAYV,CAAM;AAAA,EAC3B;AAAA,EAEA,MAAM,uBACJa,GAC8B;AAC9B,UAAMb,IAAU,MAAM,KAAK,aAAa,aAAa;AAAA,MACnD,SAAS,KAAK;AAAA,MACd,KAAKrJ;AAAA,MACL,cAAc;AAAA,MACd,MAAM,CAACkK,CAAa;AAAA,IAAA,CACrB;AAED,WAAOH,EAAYV,CAAM;AAAA,EAC3B;AAAA,EAEA,MAAM,8BACJa,GACiB;AAQjB,WAPgB,MAAM,KAAK,aAAa,aAAa;AAAA,MACnD,SAAS,KAAK;AAAA,MACd,KAAKlK;AAAA,MACL,cAAc;AAAA,MACd,MAAM,CAACkK,CAAa;AAAA,IAAA,CACrB;AAAA,EAGH;AACF;AAWO,MAAMC,GAAmE;AAAA,EAC9E,YACUrB,GACAY,GACR;AAFQ,SAAA,eAAAZ,GACA,KAAA,kBAAAY;AAAA,EACP;AAAA,EAEH,MAAM,iCACJC,GAC8B;AAC9B,UAAMN,IAAU,MAAM,KAAK,aAAa,aAAa;AAAA,MACnD,SAAS,KAAK;AAAA,MACd,KAAKpJ;AAAA,MACL,cAAc;AAAA,MACd,MAAM,CAAC0J,CAAO;AAAA,IAAA,CACf;AAED,WAAOI,EAAYV,CAAM;AAAA,EAC3B;AAAA,EAEA,MAAM,iCAA+D;AACnE,UAAMA,IAAU,MAAM,KAAK,aAAa,aAAa;AAAA,MACnD,SAAS,KAAK;AAAA,MACd,KAAKpJ;AAAA,MACL,cAAc;AAAA,IAAA,CACf;AAED,WAAO8J,EAAYV,CAAM;AAAA,EAC3B;AAAA,EAEA,MAAM,uCAAwD;AAO5D,WANgB,MAAM,KAAK,aAAa,aAAa;AAAA,MACnD,SAAS,KAAK;AAAA,MACd,KAAKpJ;AAAA,MACL,cAAc;AAAA,IAAA,CACf;AAAA,EAGH;AACF;ACrGO,MAAMmK,GAAuD;AAAA,EAClE,YACUtB,GACAY,GACR;AAFQ,SAAA,eAAAZ,GACA,KAAA,kBAAAY;AAAA,EACP;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQH,MAAM,0BACJW,GAC2B;AAO3B,UAAMC,KANU,MAAM,KAAK,aAAa,aAAa;AAAA,MACnD,SAAS,KAAK;AAAA,MACd,KAAKpB;AAAA,MACL,cAAc;AAAA,MACd,MAAM,CAACmB,CAAS;AAAA,IAAA,CACjB,GACsB,YAAA;AACvB,QAAI,CAAC,mBAAmB,KAAKC,CAAO;AAClC,YAAM,IAAI;AAAA,QACR,2DAA2DD,CAAS,YAAYC,EAAQ,MAAM,aAAaA,EAAQ,MAAM,GAAG,CAAC,CAAC;AAAA,MAAA;AAGlI,UAAMC,IAAWD,EAAQ,MAAM,CAAC;AAChC,QAAI,CAACtG,EAAI,aAAawG,GAAgBD,CAAQ,CAAC;AAC7C,YAAM,IAAI;AAAA,QACR,kFAAkFF,CAAS;AAAA,MAAA;AAG/F,WAAOE;AAAA,EACT;AAAA,EAEA,MAAM,kBAAkBE,GAAuC;AAC7D,UAAMpB,IAAU,MAAM,KAAK,aAAa,aAAa;AAAA,MACnD,SAAS,KAAK;AAAA,MACd,KAAKH;AAAA,MACL,cAAc;AAAA,MACd,MAAM,CAACuB,CAAO;AAAA,IAAA,CACf;AAUD,WAAO;AAAA,MACL,WAAWpB,EAAO;AAAA,MAClB,oBAAoBA,EAAO;AAAA,MAC3B,QAAQA,EAAO;AAAA,MACf,eAAeA,EAAO;AAAA,MACtB,QAAQA,EAAO;AAAA,MACf,uBAAuBA,EAAO;AAAA,MAC9B,WAAWA,EAAO;AAAA,IAAA;AAAA,EAEtB;AAAA,EAEA,MAAM,qBAAqBoB,GAA0C;AACnE,UAAMpB,IAAU,MAAM,KAAK,aAAa,aAAa;AAAA,MACnD,SAAS,KAAK;AAAA,MACd,KAAKH;AAAA,MACL,cAAc;AAAA,MACd,MAAM,CAACuB,CAAO;AAAA,IAAA,CACf;AAcD,WAAO;AAAA,MACL,wBAAwBpB,EAAO;AAAA,MAC/B,6BAA6BA,EAAO;AAAA,MACpC,wBAAwBA,EAAO;AAAA,MAC/B,uBAAuBA,EAAO;AAAA,MAC9B,YAAYA,EAAO;AAAA,MACnB,qBAAqBA,EAAO;AAAA,MAC5B,UAAUA,EAAO;AAAA,MACjB,UAAUA,EAAO;AAAA,MACjB,uBAAuBA,EAAO;AAAA,MAC9B,gBAAgBA,EAAO;AAAA,MACvB,4BAA4BA,EAAO;AAAA,IAAA;AAAA,EAEvC;AAAA,EAEA,MAAM,aAAaoB,GAAkC;AACnD,UAAM,CAACC,GAAOC,CAAQ,IAAI,MAAM,QAAQ,IAAI;AAAA,MAC1C,KAAK,kBAAkBF,CAAO;AAAA,MAC9B,KAAK,qBAAqBA,CAAO;AAAA,IAAA,CAClC;AAED,QACE,CAACE,EAAS,0BACVA,EAAS,2BAA2B;AAEpC,YAAM,IAAI;AAAA,QACR,SAASF,CAAO;AAAA,MAAA;AAIpB,WAAO,EAAE,OAAAC,GAAO,UAAAC,EAAA;AAAA,EAClB;AACF;"}